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From the Editor 


A very happy Gregorian New Year to MacTech readers! As a Lime Lhat people often make resolutions, 
it’s a good time to talk about the upcoming year for MacTech, Resolutions are really just intentions. 
They're not even really full-fledged plans. It turns out that most people rescind or never even get 
around to doing what they resolved to do (or not to do) in the first place. It's in the spirit of that framework 
in which I make our resolutions this year. 

First, we certainly intend to not slip on the IT developer coverage we’re already including in the 
magazine. We have some great material already lined up and are always meeting (or chasing down) 
authors with new and practical points of view. 

Second, we're looking forward to broadening the audience through new articles and events. 

Events?!? Yes! lliat leads me to the third resolution; we will be running, and have some great ideas for 
the second MacTecb Conference. We’ll also be attending events, like LISA in California, MacSysAdmin in 
Sweden, NSConference in England and more. Please say hello if you see us out and about! 

Fourth, you'll be seeing us more often run concise MacTech Boot Camp events. 

Finally, we're just going to be open to what lakes place. Life has a funny way of changing your plans 
without consulting you. From that, you can crumble, or rise to (and above) the challenge. We ll be doing 
both, 

I have to say a sincere think you to everyone that made 2010 a great success on many fronts, Here’s 
to meeting working with everyone front 2010 again and meeting new people to add to the mix. 

Speaking of people from 2010, we have everyone back for more, right here. This includes a new 
Swaine Manor, from returning author Michael Swaine, Developer to Developer by Boisy Pitre and another 
Consultant Cowboy by Ryan Wilcox. 

As for new authors, we have plenty in that category as well, Ronald Gehrmann will be devoting a few 
articles tat focus on helping the home user. Many of us deal with the technology environment of a 
business, small or large. However, home users—which there are an increasing number of—have slightly 
different rules and requirements. Sometimes, this is as simple as helping a family member. More and more, 
though, consultants are focusing their entire business around this market 

Another first time MacTech author, Joshua Long, takes a look at the recently released free edition of 
Sophos Anti-Virus Home for Mac. On home machines, its often a question weather to run anti-virus or 
not. Let Joshua take you through the pros and cons. 

Finally, this month we're beginning a series on working with Macs in the Enterprise from the 
Enterprise Desktop Alliance (EDA). The EDA is formed of several companies that help Mac admins leverage 
a Windows infrastructure to serve and manage Macintosh computers. What better time to start than in the 
month that sees the end of Apple s Xserve? 

As always, we love hearing from readers, like you. Yes, you! Let us know what you like, and what 
you'd like to see at letters@moctedi.com. 

See you next month. 


Ed Marczak, 
Executive Editor 
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My friends Tom Bludger and Art Larrikin claim that they 
recently attended a press conference on Microsoft's presence 
at the upcoming Consumer Electronics Show, and to prove it 
they sent me this annotated transcript of the highlights of the 
conference. By “highlights” I see that they mean their own 
running commentary on the presentation. Frankly, I doubt 
that the whole thing ever 
happened. Nevertheless,,, 

...we join the press 
conference already in progress. 

And already in italics. 


Microsoft has a long 
history* in the tablet computing 
market... 

Bludger: Wow, are you really —- 

sure you want to call attention 
to that history, Microsoft? 

Larrikin: Give ’em credit for perseverance: they're going to 
keep trying until somebody buys one, 

A decade before the Apple iPad, Microsoft founder and 
former chief executive Bill Gates introduced the concept of a 
tablet computer offering all the capabilities of a computer in 
a new form factor 

Bludger: So I guess 1 just imagined that Go Corporation 
introduced the tablet computer a decade before that. 
Larrikin: That's why we go to press conferences. You learn 
something every time. 

Bludger: So true. Thanks. Microsoft, for explaining to us who 
Bill Gates is. 

Next month at CBS \ Microsoft will showcase a number of 
slate devices from companies like Dell and Samsung that will 
give Apple's iPad some competition 
Larrikin: I love a good fantasy. 

Bludger: Wait, are they tablets or slates? I don’t know 
whether my finger is supposed to be a pencil or a piece of 
chalk. 

Larrikin: If they’d let us bring alcohol into these events we 


If they’d let us bring alcohol into these 
events we could take a drink every time 
they mention Apple. 


could take a drink every' time they mention Apple, 

Microsoft s CEO Steve Ballmer will take the stage to present 
one or more of these devices. 

Bludger: Prepare to be screamed at. 

The Samsung slate will he similar to the Apple iPad in size 
and shape, hid not as thin... 

Larrikin: And not as pretry. 

— Bludger: Well, they're clearly 

addressing a niche that Apple 
has overlooked. 

Larrikin: People who love fat, 
ugly devices. 

Bludger: ! know I'm going to 
run right out and buy one. 
Another innovation is the 
slick keyboard that slides out of 
the device when it is in 

landscape orientation, 

Bludger: Great, because moving parts that can get jammed or 
broken are soooo 20] I. 

Larrikin: Wait, why is the keyboard "slick?” Won't that make 
it hard to type on? 

Bludger: I think it must be greased to slide faster. 

The slate will have two operating environments: one for 
landscape orientation and one for portrait orientation , 
Larrikin: When will this second-class status end? I tell you a 
slate has the same rights regardless of its orientation, 

Bludger: No, listen, l think this means you can turn 
Windows off just by turning the device on its side. 

Larrikin: Big deal. 1 can do that with my Fujitsu laptop if 1 
flip it hard enough. 

Microsoft is confident that there is a large market of 
business people who ward to use slate devices to run Word , 
Excel and PowerPoint. 

Larrikin: What incredibly innovative thinking. 

Bludger: Microsoft is confident that there is a large 
market of people whose employers buy their computers and 
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software for them and who will use whatever they are paid to 
use. 

Larrikin: And the Gartner Group has the numbers to prove 
it, 

Microsoft envisions a large market of applications written 
for these slates. Unlike Apple, Microsoft will not launch an app 
store to sell these applications , hut will highlight them in a 
search interface on the slate, 

Bludger: Translation: Microsoft will sell search results and 
placement to app developers. 

Larrikin: Ooh. I was just going to say that. 

\\\i 
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Mac in the Shell 

by Edward Marczak 


PathMie.new(the_de-3tinfltioJi) >basename.to_s [0] 
puts "Copying fffthe_file} to #1 the_destinatiou) H 
FileUtils.cp the_file f the_destination 


end 
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More Ruby Basics 
for IT 

Useful Ruby for the 
Mac OS X Administrator 

V ^ 

Introduction 

List month, we continued our look at using die Ruby 
language as a way for System Administrators to automate tasks and 
generally make their life easier We started off with a sample 
program that copies a file to each directory under /Users on a 
system. This month, we have some refinements and additions to 
that script dial will introduce a few new concepts, while keeping a 
practical example in mind 

Recap 

If you missed last month's column, you really should go find 
it and read it! If you am t do that, let’s recap where we are. Over 
die last few Mac in the Shell columns, we've been talking about 
Ruby lor System Administrators: why it's a useful skill to have, why 
it’s possibly the best choice, and how it can make your job easier. 
Specifically, we've lieen using MacRuby. MacRuby lias had a 
version numlier increase since we started all of this, going from 
version 0.7 to 0.8, which fixes a few bugs. You should download 
and install MacRuby 0.8 from 

bttp://www.macrubyorg/downloQds.htmi right now if you don't 
already have it installed (and yes, if you have 0 7 installed from last 
month's column, go upgrade). 

We set out with a simple task: copy a text file to all home 
directories under /Users, The first iteration of the code we came up 
with looked like this ( Listing 1): 

Listing 1: dir Joop. rb 

#I/usr/local/bin/macraby 

require “fileutils" 
require "Pathname" 

us@r_dir = “/Users" 

the_file = *7var/messages/userjmessa&e< txt" 

Dir.foreach(user_dir) ( |x| 

the_destination = File.jain(uEer_dir, x) 
if (File.directary? (the_destination) 


If you're just joining in, fire up your favorite text editor, key in 
the code from Listing 1, save it as Ylirjooprb 1 and let's continue. 

Improvements 

After running this code last month, we decided that there were 
two immediate improvements that we could (and should) make. 
First, this program just dies if it is not run as root, and we should 
at least warn someone that they need elevated privileges. Second, 
we wanted to have a way to specify that our user's home directories 
may not actually be stored at die path /Users. 

The first case is easy to deal with. While there are a few way 
of handling this, diere's one particular way that 1 find to be the most 
Ruby-like, The addition is one line, and simple to add. Add the 
following as the first line of die program, immediately following the 
require lines: 

raise 'Must run as root' unless Processed = 0 

The raise command raises an error. If there is no other code 
to handle this error, the program prints the error and stops. Also, 
note how the unless conditional is used as a statement modifier. 
This is a very Ruhy-eqsue way of writing e his line, as opposed to a 
separate if statement followed by the raise command. Now, 
running tills program as a regular user results in die following 
output: 

$ ./dir_loop.rb 

I Volumes/homes/Users/genn/d ev7 rb/d1r_loop/./dir_loop,rb:6:in 
Xroain) 1 ; Must run as root (Runtlinearror) 

We can even clean this up further, but the raise command and 
error handling in general will be covered in greater detail in a 
future article. 

Command Line Arguments 

Tile second improvement can be handled through some error 
checking and by allowing die person invoking the program to 
specify where user home directories are located. Ruby has a really 
nice library for working with command line arguments allied 
opiparse. This month, we’re going to look at the simple way of 
handling arguments. 

A command line argument is simply the extra data passed into 
a program, specified at the command line These are considered to- 
be anything after the program’s name, and these can be specified 
w ith or without a flag. So, in the following example, “one" "two" 
and “3” would be considered three arguments passed into the 
program: 
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./program.rb one two 3 

If you wanted all of those to be one, single argument, you 
could enclose them in quotes: 

*/program.rb "one two 3" 

More advance uses often include a flag that specifies a value. 
Tliis allows a program to not have to depend on die position of die 
arguments: 

./program.rb -a one -b two c 3 

However, diese are, effectively, 6 arguments. Well leave diis 
style for the future, and just deal with positional arguments. 

Ruby handles arguments simply: each argument is stored in 
the global ARGV array. Unlike many other languages, Ruby stores 
arguments in ARGV starting with die first argument in position zero, 
If you’re looking for the name of the program, you can find it in 
the global variable $0, 

To illustrate, Listing 2 shows a short program that prints out 
each argument entered. 

Listing 2; argv_exampk.rb 

//! /usr/local/bin/macmby 

ARGV. each_index dojij 

puts "Arg #|11 = #iARGV[i]t" 
end 

Running the program in Listing 2 with arguments of “one", 
"two" and “three" pnxJuces this output: 

$ */argv_example.rb one two 3 


Arg 0 = one 
Arg I = two 
Arg 2 = 3 

So, how can we use this in our dirjoop.rb program that 
copies a file to each user home directory? We can use an argument 
to let die program know where to find the directory structure. 
Listing 3 contains die entire new program with our additions in 
boldface type. 

Listing 3 : The Updated dirjoop.rb 

#! /usr/local/bin/macruby 

requite "fileutils 4 * 
require ’‘Pathname** 

raise "Must run as root" unless Process.uid = 0 

the_file = "/var/messages/user^raessage,txt* 

userjdir = &RGV (03 

user dir = "/Users" if not ARGV[0] 

raise "#{user_dir) is not a directory or doesn't exist" if not 
Dir[user_dirl 

0ir.foreachCu6er_dir) ( |x| 

the_destination “ File. Join[user_dir* x) 
if (File.directory? t tbe_destination J && 

Pathname. new(thardestinatlon) * basename. to_s [0] I* 1 . ‘) 
puts "Copying # I the_filel to #Uhe_destination| w 
FileUtils.cp the_file. the_destination 
end 

1 

We could certainly have created a full if/then/end block, but 
the way 1 decided to handle this is a little more succinctly: plan on 
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using ARGVfG] as the destination, but fall back to using /Users if 
notiiing is supplied. We can even add in a sanity check to make 
sure whatever we plan on using exists and is actually a directory. 

Conclusion 

This was just another brief look at all that can be 
accomplished with Ruby and MacRuby Getting the basics down 
now will pay off in die long run. As promised, next month, we’ll 
look a little more closely at error liandling. 

Media of die month: “TRON: Legacy.* If you haven't seen it, do 
so. If you haven’t purchased the soundtrack, get it. If you do 
already have the soundtrack, but may have missed the original, I 
encourage you to check out the soundtrack from the original 1982 
version. While some of it may be a little dated, the majority of tracks 
stand up to the test of time. 


Until next month, get some more Ruby practice in on your 
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Battling the Deluge of Digital Detritus 

Mac housecleaning for improved organization, 
performance, stability 


by Ronald Gehrmann 


If you're reading this magazine, odds are you’re knee-deep 
in Mae and iOS technology, perhaps as a system administrator 
or software developer. You are a highly organized and focused 
person who knows their way around the OS, and who gets 
things done quickly and efficiently. 

At the opposite end of the tech spectrum are folks using 
their Mac or IDevice at home or at an office. They're not power 
users, they skim the surface and tread a few well-worn paths 
among their applications and files; they don’t really know, nor 
do they generally want to know, what’s going on “under the 
hood” -— they want their machine to just work. 

This column seeks to address the Mac tech that may 
typically or occasionally work with such “regular" users, and to 
help him or her understand some of the challenges involved. 

We want to avoid situations where these two worlds 
collide, the tech helper seething with frustration about the home 
user who “doesn't get it,” or the home user peeved at the tech 
helper who moves with such blazing speed that the user is left 
confused, angry and helpless. 

When one approaches a home user with patience and an 
understanding of each individual's different styles of learning 
and using their Macs and [Devices, the work can be very 
rewarding. After working with many hundreds of individual 
users for over ten years, it still delights me when a client has an 
“AHA!” moment they’ve grasped a crucial bit of information 
and made a quantum leap to greater creativity and computer 
empowerment. 

As a provider of tech support or tutoring, it’s important to 
present concepts and techniques in a language that the end user 
can understand, and to help them help themselves. 

The call for help 

You may hear an anguished cry of: 4 T can’t find the files fm 
looking for,” or “My Mac is running much slower than it used 
to” or the classic "For the past month, five been getting 
messages telling me I’m running low' on disk space, but I just 
ignore them ” 

1 explain that in the real world, objects take up space, and 
it’s easy to see when too much stuff piles up on your desk, in 
your filing cabinet, or on your closet shelves. When you're 
tripping over stacks of junk on your floor, you know have a 
problem. 


In the digital world, however, junk accumulates more 
quickly, invisibly, and insidiously. From the outside, a folder is 
just a folder, whether it contains ten items or a thousand. 
Visually, file icons all have Lhe same dimensions and 
appearance, but one may represent a mere 5 MB of data while 
another weighs in at a whopping 5 GB. 

Furthermore, even if an email inbox contains 5,000 
messages, at any given time only a dozen or are two listed on 
the screen — die rest are out of sight, out of mind. Many users 
succumb to the Gmail effect: “1 never need to delete an email or 
file again, five got more storage than Ill ever need, and I can 
use search tools to find what I want ” 

While it’s true that hard drive capacities are continually 
increasing, die amount of data stored by users is ballooning as 
well, and will probably always expand to fill the available space, 

Often, a user doesn’t realize too much stuff is cluttering up 
their Mac until, for example, they can’l locate files because 
they’re scrolling through endless lists, or because Spotlight 
presents them with multiple copies/versions of a file. 

Or a user may not know their hard drive has almost run out 
of space, affecting performance and stability, and risking data 
loss. One of my clients for months put up with a sluggish Mac, 
and even with images randomly disappearing from his iPhoto 
Library, before he sought help and 1 pointed out that only 
several megabytes of space remained on his 160 GB hard drive. 

Bottom line: not paying attention to data/cruft overload can 
cause all kinds of productivity problems and stability issues, and 
jeopardize die integrity of user data. 

Stemming the tide 

Cleaning house is not a “sexy” computer task, but after 
explaining to my clients die potential problems of data overload, 
and the benefits of dealing with it, I show them how and where 
data grows like weed trees, and how to prune it back. 

Here are some areas where a little bit of organization goes 
a long way. This is by no means a comprehensive list and not 
in order of importance — it’s just what 1 generally try to work 
on with my clients. 
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Many users are so overpowered by the email onslaught that 
they just give up and ignore the problem. I often see inboxes 
containing thousands of messages, many of diem unread, 
stretching back months or years (also, see the section on Email 
Attachments below). 

1 encourage my clients not to view their email inbox as a 
bottomless pit that never needs to be shoveled out. Instead, 
when a message appears try your best to act upon it. i.e. either 
read and reply to a message, file it away, or delete it. 

Continually tweak the junk mail filter to trap more garbage, 
and also to prevent legitimate messages from getting incorrectly 
labeled as spam. 

Create rules to send incoming mail to appropriate folders 
by project, sender, subject — whatever makes sense. 

If you find yourself inundated with bulk mail from 
legitimate senders, rather than ignoring or deleting those 
messages over and over again, simply use the sender’s 
unsubscribe options. Sure, those options aren't always easy to 
navigate, but finding and flicking that 'off' switch is time well 
spent. 

To quickly delete batches of unwanted email dick column 
headers in die message list to sort by sender, subject or date, as 
needed. 

If you want to keep years and years worth of email, archive 
messages into folders by year or by project. 

Email Attachments 

On my clients' Macs, I frequently find the email downloads 
folder cluttered with hundreds of files, many of them as multiple 
copies, because an impatient user will click to download the 
attachment, not see any visible progress, and then dick again. 
Other times, a user will revisit a specific email message several 
times, and re-download an attachment over and over again. 

Many users only understand that a file has been 
downloaded from an email if they see ii on their Desktop, but 

files are generally placed in locations such as 

"-/Library/Mail Downloads 

-/Documents/Mierosoft User Data/Saved Attachments 

where the user may seldom look. To give my clients easier 
access to these folders, 1 create aliases in the Finder Sidebar. 

Some users have a hard time distinguishing tetween 
messages in their email application (or webmail) and 
documents in their Finder hierarchy, so 1 explain the difference 
between opening a file directly from within an email, or instead 
saving the attachment to a desired Finder location and opening 
it from there. 

1 urge my clients to regularly visit their email downloads 
folder and review, file, delete as needed. 

Web Downloads Folder 

What’s true for email downloads applies here as well, with 
the additional nuisance of installers ( dmg, .zip, .pkg, etc.) 
kicking around. 
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We’ve alJ .seen it: the Skype or Firefox application running 
from the disk image, created by the dmg file, perpetually 
ejected and relaunched because it's been set as a login item. 

The process of downloading and installing an application 
is very confusing to the home user, and I offer the comparison 
that the .dp or .dmg file is like the packaging for your 
application, which means you can generally delete it after 
installing the application. 

I expect this will change significantly with the advent of the 
Mac App Store, when — as in iOS — installations will leave 
everything nice and tidy, 

iPhoto 

Many of my clients are bogged down with thousands or 
tens of thousands of photos, and l implore them; Sure you love 
your kids or your car or your vacation, but do yourself a favor! 
Immediately after importing photos from your camera, speed 
through that most recent batch and delete any photo that’s not 
completely amazing. Then leave your photos alone for a day or 
two, then come back and cull more of them in a second and 
perhaps third pass. 

Also, a utility like Duplicate Annihilator is great for finding 
and deleting multiple versions of files caused by a user 
inadvertently importing files repeatedly. 

Because of how iPhoto works, it’s important to note that to 
really delete photos, they need to be deleted not from Albums, 
but in the Library, in Events or Photos. 

Another major issue with is that after images have been 
imported from the hard drive into iPhoto, the originals can Ik* 
deleted What’s difficult is if a client still has many folders of 
original images kicking around in the file system, and there may 
be some doubt as to whether they've made it into the safety of 
iPhoto. In that case, it’s important to do careful checking to 
avoid deleting important images. 

It's also important to remind the user that they won’t really 
regain disk space until they empty iPhoto's own Trash. 

iTunes 

After you’ve seen a move or TV show, ask yourself whether 
you really need to keep it. 

It’s probably a good idea to root out any old iOS apps 
you're no longer using, especially if they take up lots of space. 

Desktop 

One of my clients for months saved all of his files to the 
Desktop, resulting in a nearly impenetrable thicket of icons 
scattered about. 

A special hazard of desktop file clutter is that icons pile up 
on top of each other, so that you sometimes can't tell if a pile is 
ten or a hundred deep. 

And then the fact that when a new file is created by an 
application, its anybody’s best guess as to where that file will be 
place on the desktop, so the fewer files, the better the likelihood 
that you’ll find it. 

My favorite technique to help clients get a handle on such 
a Desktop disaster is to open a Finder window and display the 
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contents of the Desktop in list view, then click the Kind column 
header and move different types of files into new folders, e,g> 
JPGs, PDF, Word, Excel, URL, and so on. 

Finder Trash 

Don’t let too many files accumulate there, because when it 
comes time to emptying die trash, it's always a good idea to 
review the items to make sure they can really lie permanently 
deleted. Reviewing files is a lot easier, and less prone to 
accidental deletion, if you're dealing with 30 files instead of 300. 

File system 

At some point, a home user may have clicked die wrong 
location in a save dialog, or selected die wrong default location 
for storing files, and important files may lie ending up in the 
Applications folder, or text documents in the Pictures folder. 

from time to time, 1 take my home users down the root 
level of their Mac HD and we work our way through the folders 
to make sure we locate and move hies as necessary 


Conclusion 

I believe that organization is nine-tenths of the battle. To 
most users, a regular regimen of digital house cleaning is not a 
fun task, but I explain that spending even a few minutes each 
day on cleanup (review, file, delete), will make them more 
productive and creative and happy with their Mac. Just show a 
user how you consolidated hundreds or thousands of files into 
a more manageable group of folders, demonstrate how the free 
space on their hard drive grows as items are deleted and the 
Trash is emptied. 

As with the proverbial horse and water, sometimes you can 
lead a user to a list of best practices, but you can't make them 
stick to it, However, with patient persistence, progress is made; 
the tech helper and home user can bask in the g\ow of a 
successful session. 

All 
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Files left over from PC migration 

Use spotlight to find and delete any >exe flies, aliases, 
thumbs,db, and other Windows files that are not usable on the 
Mac, 

There may also still be leftover folders full of images 
— check to see whether they're already in iPhoto. 
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something that is readily obtainable from its own Infb.pli.st 
file. 


Making a Splash 

Bring some pizzazz to your 
Cocoa applications 

with a splash window 

V _/ 

Introduction 


The dimensions of your splash window can vary, but 
should be a nominal size. If it is too large, it takes up an 
inordinate amount of space on the user's screen and becomes 
an annoyance. If it is too small, the user may miss it for the 
time that it appears, Since most modem Macs have high 
screen resolutions, a 400x400 pixel splash window, or 
something slightly larger, is adequate. You should feel free 
to experiment with the size, and find something that is right 
for your application. 

Should your splash window be exactly square? Not 
necessarily. Depending upon your application’s title and 
content, you could go for a rectangular shape either in the 
horizontal or vertical direction. Again, it’s ail in what the 
content of the splash window will be, as well as the message 
you're trying to convey to the user at the application's launch. 


As developers, we’re always looking for lagniappe 
(an expression we have here in South Louisiana for '‘a little 
something extra' ) to add to our applications in order to make 
them stand out. One design element that can help us to do 
just that is the inclusion of a splash window (a.k.a splash 
screen), it only comes up for a brief moment, but for users of 
our software, a splash window can give Cocoa applications 
that extra sleek and professional look. It's a way for your 
users to quickly be reminded of your application’s presence 
during launch, and can establish your application's design 
and motif right from the get-go. In this month’s Developer to 
Developer, we'll look at how to put together a splash window' 
and create an application that displays it upon start up on 
your Mac, It’s easier than you might think. 


Creating The Window 

Since the splash window is the first thing that users will 
see when your application is launched, it warrants spending 
some time to create attractive and compelling content. This 
is where a professional graphic application like Photoshop is 
necessary. Using such a tool you can put together layers of 
background, images and texi, adding various effects, to 
create a great looking splash window. Often a nice gradient 
background is a good place to start, and things can progress 
further from there, In our sample application (available at 
ftp.mactech.com), a starter splash window is provided in a 
Photoshop psd for you to experiment with. Feel free to use 
this as a starting point. 


To Splash... Or Not... 

Before we jump into the idea of incorporating a splash 
window into an application, let’s first consider its 
appropriateness. Although a splash window can look nice 
and exude class, ii is not necessarily the right thing for every 
desktop application. Small utilities that launch quickly 
especially single-window applications, are probably not good 
candidates for a splash window Typically it is the larger, 
more robust applications that can benefit from having a 
splash window, especially if the application needs a little 
time to load up before running. 


MyCoolApp" 

A Super App for a Super Computer 


Contemplating The Content 

While the exact content of a splash window' can be 
debated, it should usually contain a nice graphic with the title 
of your application, its icon, and some copyright information. 
You should also include the version of the program, 


Figure 1, Our example splash window graphic at startup 

With the actual graphic content created, how does one 
place it into a window? Let's look at the source code for our 
example project, appropriately named “Splash." 
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Code Organization 

Our sample application, Splash, has a single “main" 
window and a splash window that appears for a short 
duration (currently set to 2 seconds). Build and run the 
application. You will see the splash window appear and 
disappear. As soon as it goes away, the main window' 
appears and the program runs. 

Listing 1: Methods in the SplashAppDelegate class 

■ (void)splashWindovDidClose:(id)sender; 

[ 

[window JnakeKeyAndOrderFront;sender]; 

I 

- (void)applicationDidFinishLaunching:(NStfotlfication 
*) aNotif ication 
( 

SplashWindowContrailer * splash = 

ISplsshWiitdowController new] ; 

[splash setDelegate:self] ; 

I 

Let's start out looking at the code by examining the 
SplashAppDelegate.m file. All AppKit based applications 
begin life in the applicationDidFinishLaunching: 
method. It is here that we allocate a new instance of the 
SplashWindowController object, which controls the entire life 
cycle of our splash window. We also set ourselves as the 
delegate for this splash window controller and implement the 
splashWindowDidClose: method above. We do this 


because our application may be interested in doing 
something specific once it knows that the splash window has 
gone away. 

Let's move on to the splash window code. There are two 
classes and a .xib file dial make up the splash window 
portion of this application: The first class. Splash Window, is 
subclassed from the NSWindow class, and contains a single 
method: initWithContentRect: styleMask :back- 
ing:defer: This method sets up the window to have no 
border and to be centered on the screen. 

The window controller class, SplashWindowController, is 
subclassed from NSWindowController and overrides that 
class' initWithWindowNibName:delegate: method. 
This method obtains the CFBundleShortVersionString and 
CFBundleVersion values from the Info.plist file and creates a 
version string that will later be assigned to the NSTextField 
located in the .xib file. The splash window is then shown 
with a call to showWindow:. 

Listing 2: The init method in the SplashWindowController 
class 

- (void)timeToClose:(NSTimer *)timer: 
i 

[self*window close]; 

[.delegate splashWindowDidClose:self]; 

1 

- (id)init; 

1 

return [self initWithWindowNibName:£ H Spl&shWindow"]; 
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i 

- (id) InitWithWindowNibName: (NSStriag *)windowftibNante 
delegate:(id)delegate; 

I 

if (seif = [super initWithWindovNlbName:vindowNibName]) 
i 

.delegate = delegate: 

NSString ‘shortVersion ~ [[NSEundle mainBundle] 
objectForlnfoDictionaryKey:@ H CFBundleShottVersionString 1 *] : 

NSString ‘version = [[NSBtmdle mainBundle] 
objeetForlnfoOlctionaryKey tS^CFBundleVerslOTT]; 

VersionString = [[NSStrlng stringWithFormat:@"%@ 
(%@)*, shortVersion, version] retain ]l 

[self showWindow:self]: 
closeTimer = [NSTiner 

scheduledTiraerWithTiraelnterval:SPXASH_WINDGW_TIME 
target:seif selector^selectorftImeToClose:) userlnfomil 
repeats:NO]: 

I 

return self; 

1 

With the splash window now appearing, a timer is 
created and attached to the runloop. The method 
timeToClose: will fire after 2.0 seconds (defined by 
SPLASH_WfNDOW_T[ME at the top of the source file), at 
which time the window controller closes the splash window 
and calls the delegate (our application delegate) to inform it 
that the splash window is no longer showing. Our delegate 
method, located in SplashAppDeiegate.nl, instructs our main 
application window to appear, and we are off and running as 
normal 


It is worth noting that we can have our application's main 
window appear along with the splash window if we so 
choose, hy my simply moving the 
makeKeyAndOrderFront: method into our 

applicationDidFinishLaunching: method. It's all 
based on how you want your application to behave. 

Peering Into The XIB File 

The SplashWindow.xtb file contains a single window 
whose content view contains an NSlmageView. That image 
view is configured to use our Splash.psd image, which is part 
of our project. While our copyright information is embedded 
as an NSTextField. there is another NSTextField just above 
whose contents is programmatically assigned to hold the 
version number of our application. When the 
SplashWindowControUer comes to life, it holds li reference to 
this object and sets iLs contents from information in die 
application’s Info.pl 1st file. So the user can see, at a glance, 
what version of the software is running. 

Summary 

Splash windows bring an extra level of professionalism 
and presentation to a Cocoa application. Take some time and 
effort to create a compelling splash window. Also, timing is 
important, A splash window needs to stay up long enough 
for the user to determine a little about the application, but not 
so long that it becomes an annoyance. Get the message (the 



SHURE SOUND ISOLATING™ EARPHONES 


Get the most out of your music while on the go with the 
new Sound Isolating™ Earphones from Shure. Each 
model is designed to deliver every note of every song with 
crystal clear accuracy, so you hear it the same way your 
favorite artists hear themselves on stage. 


Learn more at www.shure.com/americas. 
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BOOTCAMP 2011 


When and Where? 

MacTech Bool Camp, for those that support home users, small office, and small to medium sized businesses, is January 26th, 2011, in 
San Francisco. The one-day, packed event will have sessions throughout the day and lunch is included giving attendees the opportuni¬ 
ty to not only learn from the best, but to also get to know others in the industry. 

One Track. 

Where MacTech Conference is for IT Pros and those supporting larger organizations, MacTech Boot Camp focuses on the needs of techs 
supporting consumer and small business markets. MacTech Boot Camp has a single track of sessions targeting what consultants and 
techs need to know to support home users, SOHO, and SMB. Sessions focus on both desktop and mobile, with appropriate levels of 
attention paid to the Mac, iPhone, iPad and iPod. 

Full Array of Topics. 

Topics include: Marketing Oneself in a Community • Client Handling • Client Documentation, Passwords and Records • Resources for 
Finding Answers • Basic Command Line • Troubleshooting Hardware • Networking Basics and Troubleshooting • Printing Setup and 
Troubleshooting (Wifi, USB, Bluetooth, and Wired) • iOS Support * Windows on the Mac Options * Software Updates * Backup Sys¬ 
tems and Options • Viruses and Security • Basic Scripting • Support Call Techniques • Remote Support and Access. 

Packed Schedule. Morning 'til Night. 

You won't just be in sessions hearing about great technologies and products. MacTech Boot Camp's pocked schedule is designed not 
only to be fun, but also to give you the opportunities to get to know your fellow attendees. 

Lunch Included. 

The time you spend with peers you know and new people that you meet is as important as the sessions themselves. Well be hosting a 
lunch for attendees making the event not only to make it all inclusive, but also so that you can maximize your time with other attendees. 

Space is Limited. 

We have a limited number of event attendee spots available. As a conference with hundreds, not thousands, of people, we want you 
to have time to get to know people. But, that also means that if you don't act fast, you may miss out. 

Subscribers Get Special Pricing. 

Everyone could get the early bird pricing in the beginning, but current MacTech subscribers can take advantage of it during an 
extended early bird window. But ad fast! Even for subscribers, it ends sooa. 


Special registration for current subscribers is: 

http:/ / www.mactech.com/bootcamp/subregister 





splash window) across to your user, then bring them to the 
main attraction (the main application window(s)) within a 
reasonably short period of time. 


Bibliography and References 

CocoaDevCentral com, NSWindowController 
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Professional Font Management 



"FontAgent® Pm is the premier font manager for creative Mac users, giving 
them the power and simplicity to get projects done fast and right Its the 
right technical solution as well. The new FontAgent Pro^TeamServer 1 * is 
perfect for small workgroups, and the Enterprise Server provides slick 
directory integration and unrivaled scalability." 


"As integrators and consultants, we have been 
recommending FontAgent Pro to our clients 
for the last seven years because it delivers 
unparalleled functionality at a competitive 
price backed by great, friendly service. 

You can't ask for more than that." 

Joe Schrom and Jim Hollis 
Sparklivity 

Raleigh, North Carolina 



djSider 


800-866-8778 +1-408-871-9933 
www.insidersoftware.com 

■i ■ 2010-4011 Insidfr Strflvrar Inc. All rights meniEd Font Agent Is j rpgolmd-tiKfemaik 
and Finn Agent Pm. TumStrar and Ihr Insider toga am tftfeiAafci of Imtttei 





When I Was Ready to Record, Shure Made It Simple 


When it's time to record, faithfully reproducing your sound is critical. Now you can 
easily capture your notes, beats and vocals digitally with the Shure PG27USB and 
PG42USB condenser microphones. Simply plug one of these USB mics directly 
into your computer and start turning your inspiration into art. 


To learn more, visit www.stiure.com/Pfirecording 


The PG27 and PG42 are also available with XLR output. 
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How do VMware Fusion 3.1 and Parallels Desktop 6 for Mac compare? 

x - by Neil Ticktin, Editor-in-Chief/Publisher - 


Why Virtualization? 

In 2005, Apple announced the switch of the Mac platform 
from PowerPC to Intel processors (the first Intel-based models 
were available in early 2006), This introduced some interesting 
opportunities For the Mac, including the ability to run operating 
systems other than Mac OS X on a Mac This includes noi tally 
your everyday Windows 7 or XP but also other Windows OSes, 
including 64-bit versions, and a wide variety of Linux and other 
OSes. 

You may already understand your options for running 
Windows on a Mac, but in case you don't, your first choice is to 
decide between Apple’s Boot Camp, and a virtualization product 
like VMware Fusion, or Parallels Desktop for Mac, With Apple's 
Boot Camp, you can run Windows natively, but you have to 
reboot every time you want to switch between Mac OS and 
Windows. In addition, you can only use one OS at a time. Despite 
a speed advantage for some things, that's not particularly 
convenient. For that reason, MacTech recommends a 
virtualization product for most users. 

Virtualization gives "switchers* (those switching from 
Windows to Mac) more comfort tecause they can use their old 
applications; and mote easily get to their old data. Ii gives all Mac 
users the ability to use some critical piece of software not 
available on the Mac. For example, your job may require you to 
run Internet Explorer, an older version of Outlook, or some other 
software lhat your corporate systems support, Or course, you may 
simply want to play a Windows game not available on the Mac. 

With virtualization, like you 1 11 see in Parallels Desktop for 
Mac or in VMware Fusion, you can run Windows alongside the 
Mac OS, getting die best of both worlds. For many, this may mean 
running Windows in a u window* on your Mac. BoLh VMware 
Fusion and Parallels Desktop also have the ability to run 
Windows applications even more transparently or full screen, but 
well leave that for another discussion. 

Your final option is to use Parallels Desktop for Mac or 
VMware Fusion to access/use your Boot Camp volume rather 
than a virtual hard disk. This gives you the option of sometimes 


booling Windows natively, and other times, using the volume for 
virtualization. As the performance of doing this improves, this has 
become a real option for users. 

The Big Question 

So which virtualization product do you go with? Which 
solution is taster? Should you run Windows XI 3 or 7? 32-bit or 64- 
bit? One virtual processor or more? In short, there are different 
answers for different people: it all depends on your needs. More 
and more, virtualization can do whichever is best for you. 

To tackle this problem, MacTech has once again undertaken 
a huge benchmarking project. We often wait for a patch or two 
after major upgrades to give time for major new versions to shake 
out. This is similar to the virtualization benchmarking projects that 
MacTech undertook in past. In both cases, as with other MacTech 
benchmarks, we tested perfomianee of the types of things that 
everyday users typically do, In this case, it was not just testing the 
raw performance of the Windows OS, but also commonly used 
Windows applications. Like last time, based on reader feedback, 
we paid a lot of attention to 3D graphics and gaming. 

The goal was to see how VMware Fusion and Parallels 
Desktop performed, covering both Windows XP and Windows 7, 
Furthermore, we wanted to see some of the differences with 
different Mac models, multiple processors and check for issues 
with 64-bit versioas of Windows. 

To be dear, this article is not a product review; it’s a 
benchmarking analysis. The article’s purpose is to assess 
performance (including Issues we found if something didn’t work 
right), and not product features, user interface, etc... You should 
use your assessment of features, user interface, and support in 
conjunction with the below benchmarking results to make your 
product choice. 

Before you ask why other solutions and products were not 
included, let's answer that. This benchmark project Is already 
huge with several thousand collected data points crossing two 
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guest OSes (Windows XI 5 and 7), four 
models of computers, virtual hard disks 
and fkx)t Camp volumes, and over 50 
tests each run 3*5 times for most of the 
environments. There were several 
thousand tests to he completed, many 
with a stopwatch, Thai's all before a 
single word of this article is written! To 
add even one prtxiucL would increase 
this huge test matrix by 50%, As a result, 
we focused on the two leading 
commercial virtualization products that 
come with support. These two products 
also have free trial versions that you can 
compare against other solutions so you 
can try them for yourself and compare 
them alongside any other solution you 
want at any time including before you 
buy. 

One tiling to note, however, is that 
open source and other free products 
may not be for everyone, especially non- 
technical users. For many these offerings 
can be difficult to understand and install, 
and they are do not have technical or 
product support behind them. 

Obviously, users can reach out in forums 
and the community but if you don't 
understand something, you won't be 
able to pick up the phone and call 
support the way you can with a 
commercial product. If that works for 
you, great. If not, as is the case for most 
users, then a commercial product is 
likely your solution. 

In fact, the testing took long enough 
that during the course of preparing these 
tests, both Parallels and VMware 
released additional minor updates. 

The Test Bench 

When we were choosing computer 
models, we set out to choose the cunent 
models of Macs giving a good 
representation of what most people may have. Certainly the faster 
models of these computers will perform even better. 

We chose four Mac models to compare alongside each other: 
the White” MacBook, MacBook Pro, iMac, and Mac Pro. 

■ 2GB MacBook, Intel Core 2 Duo processor (“White 
MacBook*) 

Specifically: MacBook 2,4GHz 2GB/250GB White 
Unibodv (May 2010} 

• 4GB iMac, Intel i3 processor 

Specifically: iMac 27in 3.20GHz « 4GB/1TB/567G 

* 4GB MacBook Pro. Intel o processor (“Unibody 


MacBook Pro” ) 

Specifically: MacBook Pro I5,4in 2.53GHz i5 4GB/500GB 
* 6GR Mac Pro, Quad-Core Intel Xeon processors 
Specifically: Pro 2.4GHz 6GB/1TR/5770 
Memory for virtual machines can be configured with a wide 
array of settings. As a general rule, VMware Fusion’s default 
memory lor each configuration (of physical RAM and “guest” OS) 
was the same or lower than Parallels Desktop (although 
sometimes it was higher). As a result, we let VMwares default 
guide die way. and set Parallels Desktop to the same as whatever 
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Colored Cell Vbbrkdieet Overview: Virtual Hard Drive 


VMware Fusion defaulted to. In most cases, this was 512MB for 
Windows XI* and 1GB lor Windows 7 (768MB on the MacBook), 

Similarly, for disk allocation, we defaulted to the sizes set up 
by VMware Fusion (40GB) and allowed for expanding disks, We 
took special care to make sure that the disk location of the virtual 
hard drive was sn a similar physical location, as that can make a 
significant difference in and of itself in disk performance. 

The tests compared VMware Fusion 3-1,1, with Parallels 
Desktop for Mac 6.0.11828.615184, running Mac OS X 10.6,5 with 
all updates. All requited Windows updates were installed for each 
version of XP and Windows 7. 

Overview 

We won t keep you in suspense. When we look at the “big 
picture" of all the testing. Parallels is the dear winner. If you count 
up the general tests (including one 3D graphics score). Parallels 
won 61% of the tests by 10% or more, and was also a bit faster 
on an additional 23% more of die tests. In other words, Parallels 
Desktop 6 beat VMware Fusion 3.1 in 84% of the general tests we 
ran. 


If you focus exclusively on 3D graphics, as measured by 
3DMark06 version 1.2, Parallels won by an even larger margin. 
Specifically, Parallels won 73% of the tests by 10% or more, and 
was also a bit faster on an additional 19% more of the tests. In 
other words, Parallels Desktop 6 beat VMware Fusion 3.1 In 92% 
of the 3D graphics tests we ran, 

When VMware Fusion was faster in 3D graphics, it w r as 
typically on the HDF/SM3-0 Score and the Batch Size tests (e.g., 
triangles). But, as you can see from bodi the test tally, and the 
colored cell worksheet overview, Parallels Desktop was 
overwhelmingly faster in graphics, and in working with real 
games, it was easy to see confirmation of the 3DMark06 scores. 

There are a handful of places that VMware Fusion 
consistently was faster than Parallels Desktop. In Microsoft Word 
2010, VMware launched (initial launch after boot, aka “Adam" 
launch) faster, and was faster on large, global search and replaces. 
It was also consistently faster under Windows 7 doing file 
compression, and loading SSL pages, 

Overall, VMw are Fusion won 6% of the tests by at least 10%, 
and was also a bit faster on an additional 4% more of the general 
tests. For the 3D tests, VMware Fusion w on 3% of the tests by at 
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BEYOND THE APPSTORE 

building a complete sales solution 



While we agree that an app store is a very 
important part of your sales strategy, we 
also understand the importance of 
diversifying your methods. 


eSellerate provides you with several options to 
help you round out your plan: 


• additional distribution channels 
• no restrictions on third-party APIs 

• access to customer data allowing you 
to market directly to them 
• ability to offer purchase options from 
within trial or demo applications 
• ability to offer updates or upgrades 
from within your own application 
• absolute control over your pricing 
with no limitations 

• maintain complete control of your 
products and strategies 
• no need to maintain multiple 
code sets 

• rates as low as 5.9% 





esellerate/ Empower your sales strategies. 

3 Digital River Competitive rates for all businesses, starting at 5.9%. 


www.esellerate.net/mactech +1 402-323-6600x39701 
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Least 10%, and was also a hit faster on an additional 3% more for 

a total of 6%, 

One of die best ways to visualize the huge amount of data 
points is through MaeTech's well-known “Colored Cell Worksheet 
Overview;' In these worksheets, a cell represents the best result 
for each test for each version of Windows for each virtualization 
product. These are then colored according to which product was 
faster. 

Green cell coloring means Parallels Desktop was faster than 
VMwaie Fusion. A blue cell coloring indicates VMware Fusion 
was faster than Parallels Desktop, Darker coloring means faster by 
10% or more, medium coloring indicates 1-10% difference, and 
lightest coloring means less than 1% difference. Those tests that 
could not he run due to lack of support from the virtualization 
software are shaded gray. (Note; Not all tests were run on all 
configurations, hence the empty cells.) 

The Virtual Hard Drive version of the Colored Ceil Worksheet 
shows the tests conducted on VMware Fusion 3-1 and Parallels 
Desktop 6 running Windows XP and Windows 7 while on a 
virtual hard drive which is the most common configuration for 
those running virtualization, 

The Boot Camp Volume version of ihe Colored Cell 
Worksheet shows the tests conducted on VMware Fusion 3.1 and 
Parallels Desktop 6 running Windows XP and Windows 7 from a 
Boot Camp volume. 

There are places that VMware Fusion 31 is faster than 
Parallels Desktop 6, For example, Word initial launch (the first 
launch since you booted Windows) is faster as is global search 
and replace, as well as SSL web page loads under Windows 7, 
Some of the individual graphic tests were faster on certain Mac 


models. Again, for the full list, look at the worksheet with all the 
demils. 

Obviously when you look at the amount of green on the 
worksheet, you can see that Parallels was faster in the vast 
majority of tests that we ran. 

Version Comparisons 

The versions that we tested for these benchmarks were 
VMware Fusion 3,1,1 and Parallels Desktop 6,0*11828.615184, We 
took a brief look at the new versions compared to the prior 
versions on the latest Mac OS X and Mac models. 

Since the last time we did comprehensive virtualization 
l>enchmarks. Parallels had a major upgrade from version 5 to 
version 6. With a major upgrade, we expected to see some nice 
benefits. We only tested a few things to get a sense, but we saw'; 

On XP, 7% faster on compression and 37% faster graphics 
(3DMark06 score ). 

On Windows 7, Full Windows boot more than twice as fast, 
and graphics almost twice as fast. 

Since the last comprehensive benchmarks, VMware had a 
minor bump from 3 0 to 31 We were curious how these versions 
differed on the current hardware and OS for die same types of 
tests, and saw these benefits: 

On XP T 8% faster on compression. 3DMark()6 tests crashed 
virtual machine (3d 2 fixed this, but we found it slower on 
graphics). 

On Windows 7 r Full Windows boot almost twice as fast, and 
3DMark06 tests crashed virtual machine 0.1*2 fixed this, but we 
found it slower on graphics). 
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usedcisco.com 

World's Largest Network Hardware Outlet 


World's largest used Cisco outlet 

Over 2000 of the most popular parts in stock 

60 ■ 90 % off list 

• FREE 2 YEAR WARRANTY with coupon code: MACTECH* 

• FREE SHIPPING on orders over $200 (for a limited time only) 



Call us: 800.504.7199 

Visit us on the web at: USeddsCO.COm 


Just some of the parts we carry.... 



+ To use your coupon, either: 1) Call in your order (BOO) 504-7199, and mention coupon code MACTECH OR 

2) Shop online at usedcisco.com. On the lost step of checkout, enter coupon code MacTech in the "Salesperson” field. 

Complete your order online (you will not see your discount applied here). We will apply the discount when we process the order, and only charge your 
card the adjusted total. You will be a new confirmation as well. Coupon not combinable with any other coupon, discount or special promotion. Coupon 
not transferable. Coupon applicable to web pricing only. 







CPU Score 


High Dynamic Range 
Rendering (HDR), 
Shader Model 3.0 


Shader Model 2.0 


3DMark06 Score 



Normalized Results 
(LONGER is better) 

■ Parallels, XP ■Fusion, XP ■ Parallels, Win? Fusion, Win? 

Oveall Graphics Performance 


3D Graphics Tests 

We’re always on the lookout for new ways to measure 
graphics in particular. And this time, again, we did look at some 
of the results of other benchmark suites, and found that their 
assessment of graphics was so clearly wrong, For example, 
Performance Test 7.0 gave results showing 3D graphics at double 
the speed, when we could dearly .see visually that 3D was closer 
to half the speed. 

As a result, we again used 3DMark06 (version 1.2) by 
FutureMark. 3DMark06 is a globally recognized and comparable 
measurement of the 3D performance. Gamers use 3D Murk as way 
to test their machines and tweak them for performance. See 
http://www.futuremark.com/ for more information about 
3DMark06. 

Tliis time, we also experimented with FRAPS to see how it 
would rate the frames per second rates for 3DMark06 tests (which 
3DMark06 also reports), FRAPS reporting, and 3DMark06 
reporting, were nearly identical, giving us additional confirmation 
of this being the right tool for the job of assessing 3D Graphics 
performance, 

3DMark06 has three main aggregate scores The most 
important of which is the "3DMark Score," In addition, SM2,0 
Score measures 3D Shader Model 2,0 performance, and the 


HDR/SM3.Q Score measures the 3D Shader Model 3 0 & HDR 
performance, 

Clearly, if you are going to play games and be serious about 
it, then running in Boot Camp is your best choice running 
Windows natively. However, Parallels Desktop is fairly close and 
of course, you don't have to reboot with a virtualization solution, 
deal with driver issues, and more. VMware Fusion 3.1 continues 
to have problems rendering 3DMark06 tests, and in the case of the 
MaeBook Pro simply wouldn't work (in fact, it often corrupted the 
virtual machine), 

Without a doubt, Parallels Desktop’s greatest advantage over 
VMware Fusion is in 3D graphics. Not only is the speed difference 
huge (Parallels Desktop is often double or more the speed of 
VMware Fusion), but the qua lip' of graphics we saw in the 
3DMark()6 tests as well as actual game play is far, far letter. 

Additional Conclusions 

There are additional conclusions that we can extract from the 
results as well Specifically, we looked at the differences between 
XP and Windows 7. as well as multiple virtual processors and 
using a Boot Camp volume. 
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0 Android 
0 BlackBerry 
0 Palm Pre 


0 Symbian 
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■ Fusion, Win? 

VlWuareFuacn 11: Windows XP vs Windows 7 

64-bit 


Right from the beginning, things just felt better running under 
Windows 7. Pan of this is a more modern interface, but for the 
most pan, tilings just feit snappier. I/O was faster graphics 
worked letter in both products, etc. The whole experience just 
made you want to run Windows 7 over Windows XP. 

We wanted to see what some of the lienchmarks did, and 
normalized a number of scores so that we could compare them. 
With the exception of application performance, which was still 
quite good, Windows 7 helped things run better and faster for 
both Parallels Desktop and VMware Fusion. 

In previous virtualization benchmarking projects, there were 
significant differences between tunning Microsoft XP vs. Vista, or 
XP vs. Windows 7. At this point, MacTech recommends that unless 
you have a driving reason to use XP (like application 
compatibility), you should move to Windows 7 Of course, no one 
should be using Windows Vista. 


There's a big marketing push right now for 64-bit. We did not 
measure 32-bit specifically against 64-bit during these 
benchmarks, but we did use a 64-bit version of Windows 7. While 
most users still don't need the additional address space that 64-bit 
brings, we no longer see any penalty to running 64-bit. As a result, 
especially if you are moving to Windows 7, you should probably 
move to the 64-bit version unless there’s some specific reason not 
to, 

Multiple Virtual Processors 

There’s a lot of "bragging rights" that encircle using multiple 
virtual processors under virtualization. In earlier versions of 
Windows, there were licensing issues that created artificial 
limitations. Today, especially with Windows 7, it’s different. 

Depending on the test, and whether XP or 7, sometimes 
Parallels was faster, and other times VMware. The most significant 
difference was with the launch and a full Windows boot where 
Parallels was noticeably faster (shorter bars are better). 
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In virtual machine performance with two virtual CPUs, we 
saw fairly predictable results. File duplication tests were split: 
VMware won under XP, and Parallels won under Win?. 
Compression tests were also split, but fairly dose regardless. 
Launch virtual machine time, however, goes again to Parallels with 
noticeably faster full Windows boot times. 

For graphics, similar to what we saw with a single virtual CPU, 
Parallels was faster across the board when using two virtual CPUs. 

These days, the decision is fairly simple. If you have an 
application that can make use of multiple virtual processors, and 
this includes 3D Graphics, and your Mac has enough horsepower, 
then you should use them. Otherwise, it's not necessary. 

Then again, if speed is that important to you, you should tie 
asking yourself about whether to run the app native on your Mac 
instead of in a virtual machine. Sometimes, like for CAD, you may 
not have an option. 

Graphics performance with two virtual CPUs became even 
more pronounced, especially under Windows XP where Parallels 
Desktop was 3-4x faster than VMware Fusion, VMware Fusion 
scored considerably better on graphics tests under Windows 7, 
That said. Parallels Desktop continued to tie faster there as well. 

Running on Boot Camp Volumes 

One option users have is to lie able to switch back and forth 
between Bool Camp and virtualization. The way this works is that 
you install Boot Camp, as you normally would, and then you setup 
either Parallels Desktop or VMware Fusion to access that volume 
instead of a virtual hard disk (the default setup). 

When running die virtual machines. Parallels outperforms 
VMware Fusion in performance when they are accessing a Boot 
Camp volume. While we didn't benchmark it because it’s 
.something a user only does once, VMware Fusion’s setup time is 
considerably less than Parallels. Both products, especially when 
dealing with driver issues for iMacs that come with Bluetooth 
keyboards, are significantly easier to .set up than if running Bool 
Gimp natively. 

When it comes to running virtualization solutions off a Boot 
Camp volume, die virtual machine performance is the most 
relevant Across die board, Parallels was again faster here, and in 
launching the virtual machine with a full Windows lxxir, it was 
noticeable from a user experience point of view. 

Graphics running on Boot Camp volumes benchmarked as 
expected with Parallels significantly outperforming VMware Fusion 
except for the CPU score where Parallels Desktop just edged out 
VMware Fusion. 

3DMarkD6 scores are not as impacted by running off the Boot 
Camp volume as other tests. As a result, with die exception of CPU 
score, we continue to see large margins of speed difference where 
Parallels Desktop 6 is much faster than VMware Fusion 3. L 

Conclusion 

Both VMware Fusion and Parallels Desktop for Mac are 
excellent products, and both allow you to mn Windows XP and 
Windows 7 quite well (except for graphics in VMware Fusion). In 


the end, your decision as to which product you should take into 
account what’s most important to you. 

Windows 7 is such a pleasurable experience that unless 
there’s some driving reason otherwise, you should be using it 
under either virtualization product. 

When it comes to whether you should use multiple 
processors or 64-bit virtual machines that depends on your use. If 
you have a real need for either, and can articulate a reason for it, 
than use them. They do work well. That said, if you don’t have a 
specific need, then don’t bother with multiple virtual CPUs. As for 
64-bit, you should use it especially in Windows 7 unless you have 
a driving reason not to. 

Many people have the feeling of "more is better? but when it 
comes to RAM in the virtual machine, that is not necessarily the 
ease. Mote RAM means longer virtual machine launch times, 
suspends and resumes. For most users, 512MB to 1GB of virtual 
machine RAM will work best. Use more than that only if you really 
know you need it. Gaming may do test with 1,2-1.4GB of RAM if 
you can spare it. Windows 7 with 768MB to 1GB, 

In the vast majority of overall our tests, Parallels Desktop 6 
won. Again, if you count up the general tests (including one 3D 
graphics score), Parallels won 61% of the tests by at least 10%, and 
was also a bit Faster on an additional 23% more of the tests. In 
other words, Parallels Desktop 6 beat VMware Fusion 3-1 in 84% 
of the general tests we ran. 

If you focus exclusively on 3D graphics, as measured by 
3DMark06 version 1.2, Parallels won by an even larger margin. 
Specifically. Parallels won 73% of the tests by at least 10%, and was 
also a bit faster on an additional 19% more of the tests. In other 
words, Parallels Desktop 6 beat VMware Fusion 3-1 in 92% of the 
3D graphics tests we ran. 

If gaming, graphics, and 3D are your thing, you have a dear 
choice. Parallels Desktop 6 has so much tetter graphics support, 
and is so much Lister in most of the comparisons, there’s simply 
no contest. 

To be dear, this article is not a product review; its a 
benchmarking analysis. You should use it as part of your decision 
combined with other factors such as product features, user 
interlace, which OS you want to run, graphics capabilities and 
support to make your product choice. 

One thing is dear: virtualization for the Mac works well. 
Really well—even for casual gamers. Kven with that, given the 
track record, \ continue to expect that well see virtualization 
products keep getting better and better. 


About The Author 
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Consultant Cowboy 


by Ryan Wilcox 

Roles to Play 
in Your Business 

It’s not just about 0's 
and 1 ’s anymore. 

___ J 

Introduction 

Owning a consultancy business does not mean you get to be 
an engineer and work on what you want all day. Being a consultant 
cowboy is more than that, and in this manner is no different from 
the small bakery down the street: there's a lot more than just baking 
going on. 

There's an assumption that many people have here: once you 
understand the technical side, that’s all you need to know to be a 
consultant cowboy, or even a baker. There are a lot of other areas 
that need attention too, and sometimes J struggle with finding time 
to do all those other things that are that required of me. 

This month well get what roles you now have to undertake 
in your business, what (metaphorical) hats you have to wear to get 
and keep your business going. Playing all these roles are important, 
even when you're at your busiest. 

Some roles you’ll do better than others: die trick is to find what 
you do well, and play to your strengths, and that's what the second 
part of this article focuses on. 

Hats To Wear, Hats To Leverage 

In any small business there's a multitude of things to do, and 
this goes double when you add technology into the mix, You must 
lie businessman, manager, developer, business analyst, finance 
controller, and marketer. 

Businessman 

Working in an office has its advantages—someone else goes 
and buys paperclips when you’ve used the last one, takes care of 
the bills, does the filing, stocks up on soda, and the myriad of other 
tasks an office needs to have done. 

This person is now going to lx: you. Out of pens? You're going 
to die store., .maybe not right now, but you—not someone else— 
have to make that trip. 


This is why you can't assume you're going to bill 40 hours a 
week, at least initially. Until you really know how to manage your 
time (or delegate), consider that at least 1 day a week will be taken 
up by running around and errands stuff. 

This office manager stuff is also a good place to find 
optimizations, time management-wise. Do you really need to run 
to the store to get folders, or can you put it on a list to do In batch? 

You're also the front man for the business. This means that 
you do die networking, die schmoozing, die business involvement, 
and die following up on leads. You are die coordinator and die one 
who sometimes has to fire clients because they’re unprofitable or 
had business-wise. You’re the one who brings business in, and die 
one who develops the business. 

You’re also the vision person: the one who thinks alxiul die 
direction the business as going, where you want to be financially, 
how you want the business to grow, and how you want to 
differentiate yourself from the competition. 

You’re die one driving the company: the imaginative force 
behind it. The one that explores new opportunities:“What if I grew 
some talent in this area?? 1 “Can I make some strategic partnerships 
with local businesses?,'' “What happened if 1 started marketing my 
business towards this technology over there? 11 

The businessman, or the entrepreneur role, is die dreamer. 

Manager 

Once die businessman goes and finds all the work, there's 
need for planning and organizing this work. That's where another 
role comes in: manager. Being a manager means taking a Icxik at 
how many projects you have going on, and planning when you 
can get at this next project, work load wise. Being a manager 
means drinking about chaos and turning it into order. 

Thinking like a manager also can mean taking on bigger jobs 
than you would normally by pulling in a team of consultant 
cowboys to get a btgger job done. 

The manager is the general: thinking strategic thoughts and 
directing troops, noticing work load levels, incoming jobs, and 
avoiding battles he doesn’t have the resources to handle now... or 
planning unique ways to conquer those too. 

Your management roles dnril end there, because you're also 
the project manager for each project you take on: making decisions 
on a tactical level for each project You're responsible for figuring 
out how long a project will take, making sure it's delivered on 
schedule, interacting with the client, and juggling the priorities of 
various clients vs. die work you currendy have in process. 

Consultant 

You're also die guy who actually gets the work done. You, as 
the consultant, might write apps for the client Cor do other work, 
but we ll get to duit later in the article!) and your billable hours are 
responsible for bringing money into the business. To be the 
consultant you should have l>een around the block a few times, 
having been on real projects and interacted with real customers. 
Academic projects are great, but there's something that hones your 
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skills when an actual customer is looking over your shoulder 
wondering when their project is going to lie ready for launch. 

The book Entrepreneurs in High Technology: Lessons from MTf 
and Beyond, had an interesting survey about previous work 
experience when starting a technology teed business. The survey 
took 111 carefully studied entrepreneurs (technologists formerly 
involved with MIT or its labs), and looking at the work experience 
they had before founding a new business. Out of the 111 studied, 
79% had from 3 to 16 years of work experience before hand, 22% 
had more than 16 years, and only 2% had less than 3 years work 
experience before going off on their own. 

My recommendation here echoes the statistics above: I worked 
part time for a local software development shop while in college in 
Rochester NY It was an amazing learning experience working with 
people who had been programming die Mac since the 1900s, and 
1 gained a ton of technical experience there, and became a better 
programmer because of it. This experience probably was the 
difference, in the early years, in failing vs. keeping die business 
afloat. 

Business Analyst 

As die business analyst, you're responsible for working 
through die requirements of a project with a client, being die 
middleman between the technology and the clients needs. 

You’re also going to be responsible for unraveling and 
understanding business processes that die client themselves might 
not understand (or the client might be too knee-deep in the chaos 
— which they consider to be normal — to make any logical or 
coherent story out of requirements. This making order out of chaos 
is gpod, because some of this will happen as a natural parr of 


translating stories and vague feature requests into functional 
software to help your client. 

You, as die consultant cowboy, are responsible for figuring out 
what the client really wants. You're also die one who has to 
translate tine requirements into testable user stories for acceptance 
testing (if you're into that sort of diing). 

I’ve even experimented with using user stories as part of my 
estimation teclinique. If not user stories then use discretely testable 
chunks of functionality, I’ll get into this and other tips in a later 
article. 

Likewise, a business analyst needs to be able to talk to the 
client in a language they am understand. This also means realizing 
drat die client doesn’t speak asynchronous wire transfer protocol. 

Your clients don't care about this tech stuff, or knowing that 
implementing an API (lx? it AppleScript or web REST interface) is a 
good idea: your client cares about one thing: il How does it help me 
and my clients?” The client doesn’t care that you’re implementing 
the system using the latest Lexis, they only care about the value they 
can get out of the system. 

These thoughts go double for writing proposals or estimates 
too. An excellent tongue-in-cheek blog entry by someone 1 met at 
a Harrisburg PA BarCamp (the adhoc uticonference) illustrates this 
point well: hrtp://macfach/ccbp. If you do find yourself speaking 
wire transfer prottx’ol to a client, don’t fret: client communication 
just may not be one of your strengths, Liter in this article, and the 
next, well talk more about how you can play to strengths and 
minimize weaknesses. 
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The Money Person 

You're also the one who keeps an eye on the budget; what 
money you currently have, how you're spending it, what money 
you have coming in, and hew you budget and proportion that out. 

Likewise, there are financial decisions to be made, and you're 
going to lie the one who makes them (potentially with input from 
your business partner, spouse, or significant other). 

Your finances am lie the ultimate barometer of the business: 
if you're making money, live bank account will show that. If you 
need to do something different, the bank account will show that, 
too. 

I’ve tried to give sound financial advice so tar in this article, in 
particular advice about eschewing business loans, fve been 
reading We Business Of Software; What Every Manager, 
Programmer and Entrepreneur Must Know To Thrive And Survive 
in Good Times and Bad (by Michael A Cusumano). One chapter of 
the book has case studies of software companies that have 
succeeded and failed. Each case study talks about money coming 
in, and loans (if any) the business took out to keep afloat. See, 
there’s a bad thing about loans (or venture capital money): they 
enable you to do the wrong tiling for longer than you should. 
Maybe that “wrong thing” is a locus on research and development 
(not shipping product!), or maybe that wrong thing is the status 
quo of your business (and you need to move your business to 
where the money is now). 

You don't warn to acquire too much loan overhead: if you 
ow r e $500/month in loans, but your business is currently in a “bust” 
(few projects and little money coming in) phase, that $500 might 
important for other things (like paying rent). 

Marketer 

Starting any small business involves a bit of marketing: 
customers can’t text a path to your door if they don't know you 
exist. If you’re the local bakery you need to do a certain bit of 
advertising and marketing telling people about your awesome 
bread. 

As a consultant cowboy, potential clients need to know r you 
exist, that you might be the solution to all their problems. 

But marketing isn’t just about advertising, putting up big 
billboards that say, “Ryan is awesome, hire him for your 
development needs!” It’s also alx>ut analysis: figuring out what 
you’re good at, figuring out what die local competition looks like, 
what your strengths are and how to leverage them). 

Marketing isn’t alxxit sleazy advertising like that billboard: it's 
about figuring out what service to sell, where, how you do it, then 
telling people about yourself.. even when you're at your busiest 
already. 

In actuality, we’ve been talking about marketing all along. The 
first, September 2010, Consultant Gawboy article talked about 
identifying your competition; in the October 2010 issue we talked 
about identifying the type of person you are. in the December 2010 
Issue we talked about a business plan: even a minimalist business 
plan cun set down your thoughts and direct your marketing 
efforts). 
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The second half of this article is going to talk about finding die 
role - hat - diat looks good on you. Future articles will talk more 
about marketing and what that means for a Consultant Cowlxjy. 

Keeping all these demands in line 

A few agile development teams IVe been on have scheduled 
retrospective meetings at the end of iterations. During tliis meeting 
ail the team members go around and say what went well, what 
didn't go so well, and what we could do better. 

Ill is is an excellent practice that you, as an entrepreneur, could 
apply A two-week iteration from my own business a few years ago 
might have gone something like: 

What uxmt well Got 30 billable hours in for Client Q, and 
some changes around the office have worked really well 

What didn't go so well : It leels like 1 spend the whole morning 
every Monday entering hours into my hours database, and by the 
time I deal with that and invoicing ills 3 PM. 

What I can do better: Spend less time in Nel News Wire reading 
RSS feeds and doing email. 

If’ J had l^een having a retrospective every two weeks in the 
early years of the business, 1 might have identified problem areas 
in die business, and come up with solutions earlier than i did 

Likewise, a retrospective helps you reposition your company, 
or your marketing, towards growing industries. For example, 3 
years ago most of my revenue came from Mac OS X desktop 
development, but now Ruby on Rails pays the bills. Two years ago 
I changed my marketing emphasis subtly: listing web development 
top of my list of offerings on my website. A regular retrospective 
might have identified this trend earlier and let me capitalize on it 
sooner. 


Another bit of fodder for your retrospectives? How much time, 
and what activities, you're performing your different roles. ] 
encourage you to almost role-play the different roles involved* 
office manager, front man, manager, developer, etc,, and ay to 
come up with solutions for die problems faced by each perspective, 
then take action towards those solutions. 

For example, the “1 spend tile whole morning every Monday 
entering hours 11 in the retrospective is an activity that detracts from 
my profitable work (writing code for clients). About three years ago 
I resized that spending so much time entering hours was 
unprofitable, and found a better way that kept both the developer 
role (“I hate doing this*) and the front man Cl need to get hours so 
1 can make an invoice'’) happy, 

Finding the hat that looks good on you 

As a Consultant Cowboy you’ll need to, at some point, do all 
of the things listed above, but this doesn't mean that you should (or 
can!) lie an expert in T or strong in everything. 

Breathe, and realize that this is OK, 

Ves T this goes against wisdom. 

Traditional corporate annual reviews often feature a "here are 
areas where you are weak and need to improve”, with the idea that 
if you exercise your weaknesses you can lx.- stronger in those areas. 

You might approach your business like tills: <l Wow t Pm weak 
in JavaScript, so I’m going to take on some JavaScript projects so I 
can get better!," or Tm bad at bookkeeping, 1 would need to spend 
more time to understand it.” 

Yes, there's value in improving yourself, learning new 
technologies to keep current, and reducing your weaknesses. My 
advice to you, to keep il simple, is to forget those performance 
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reviews and leverage what you're already good at as business 
strength. 

tf you're already good at programming network client/server 
apps, let die world know! Being a consultant cowlxiy is hard 
enough without handicapping yourself further by ignoring your 
strongest workhorse! You need every advantage you can get, and 
will have plenty of’ other things competing for your time and 
energy. 

You might dunk, “How can 1 leverage just my strengths? It 
sounds like I have to be good at almost everything to get client 
work!” There's a life hack here: you don't have to lie. Here are some 
examples... 

Wearing your Super nerd hat with pride 

If you realize you are (or have been told), dial you’re bad with 
people that don’t have a Masters degree in Computer Science, 
maybe you need to rethink your strategy. Or maybe some of die 
talk From the business analyst section rang a little too true for you. 
Because as a Consultant Cowboy; you may have to talk to die 
neighborhood doughnut shop owner about his idea about 
doughnut ordering online,..without mentioning asynchronous 
protocols or web services, (Because they don't care). 

If you really need to talk about web services (or the innards 
of the C++ type system) to customers, you need to leverage diat 
ability’ of yours: perhaps targeting other consultancy companies, 
with you being staff augmentation, or find an agency that needs 
technical help on projects. In both cases, the other company has 
already mined the technical requirements out of the messy, wishy- 


washy desires of the client, and can present you with cleaner 
system requirements. 

Back end strong? Then wear that hat with 
gusto 

Some programmers are often stereotyped as being bad at UI 
design, be it rich apps on the desktop or websites. Maybe you 
realize, or have been told, that your UIs are ugly, kick flair, or are 
unusable. Now might be the time to work with a UI person to make 
your designs lietter, or find a designer and partner with them to 
jointly bid on a project. 

For example, in the web world, a designer can take your 
HTML output and style it properly with CSS stylesheets, or work 
with you to create conventions in the app dial work for bodi of you 
(and might also result in better, more semantic, final product!). 

Good with tech, and people, but not with 
code? Find a unique hat to wear 

Maybe you're not that good at programming, but are grxxi at 
something else. Maybe you’re awesome with requirements, 
scheduling, training, coaching, marketing, or something,,,but not 
so much with code. 

All hope is not lost! Maybe you are profoundly technical. 
You’ve written code in die past, but maylie you aren't just as good 
at it as you could lie. 
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Don’t throw your dreams away just because you don't know 
deep, technical facts about C++. That's not where your strength is. 
What is? 

An example, from the Mac indie developer community, of 
someone who doesn’t code but still renders a valuable freelance 
service: .Ash Ponders, of http://www.aptfolk.com. He found his 
strength (understanding products and helping other people use 
them) and found a market for his skills: he answers customer 
support email for indie developers. An incredibly important job, an 
interesting strength/niche, and a real problem in the developer 
community: As a developer, where would you rather be: in 
Mail .ap p all day answering email about your application, or in 
Xcode.app writing your application? I know I'd rather lx* writing 
my app, and if I can outsource support, then more power to me. 

Find others who need you to wear your hat 

Consultant Cowboys in general have a disadvantage: their 
small size makes it hard to get big contracts. Potential clients might 
lie scared of a lone consultant just walking off, or maybe the project 
is just too big for one person. 

It may lx to your advantage to make friends in die developer 
and consultant community, locally or remotely, For example, the 
modem iPhone app is composed of not just an iOS app, but also 
a slick interface and oftentimes a backend website for the iOS app 
to store data. 

Outside of die fact if you can do all these things yourself, it’s 
a lot of work in separate areas. If you have a sister consultant 
company you can rely on for some of the project, you can take on 
bigger (more stable!) projects than if it's just you. Maybe your 
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strength lies in the website part of it, and not the iOS app side, and 
you need some help diere. Partnering up to bid on projects as a 
team can open interesting (and sometimes longer term!) projects 
tliat you can find individually 

Hats from other places: your outside 
interests/knowledge 

Setting aside technical capabilities, is diere something about 
you that is a particular strength? Maybe you love playing with 
hardware, or have a former career as an accountant? Really enjoy 
writing documentation? Know sign language? 

Ask yourself why outside of technical reasons, would a 
customer want to hire me? Especially when someone in India (or 
China, or down the street) can work twice as hard as I do for half 
die wage? There might lx a niche in there, or an idea of an industry 
you can target w ith your marketing. 

If you’re coming from a major technical corporation, you 
might have dealt with a decision about becoming a manager vs, 
staying an engineer. The "This Developer’s Life" podcast 
(http://thisdeveloperslife.com) has an excellent episode about thus 
(Episode 1.0.9 - Management), with interviews from several people 
having to make diis career choice at where they work. 

One interviewee talks about how ire was in a management 
role, but is Icxiking to go off on his own and getting back into 
technical work. Several other interviewees talk about how they are 
managers now, and what that means for their personal 
happiness,Maybe that career choice is what made you look into 
being a consultant, but that experience also might lx one of your 
particular strengths. 

However, if you were in management and didn’t like the 
project/numlxr crunching, think about that kx>: there's going to lx 
a little bit of that as a consultant too. 


Conclusion 


Running a business requires a lot of different types of work 
beyond just engineering, which is great: you have a lot of things 
going for you beyond just the technical side of things, too. Maybe 
this involves a little change of plan from what you first diought. 
Maybe you have some thoughts on marketing yourself, or thoughts 
on how you want to go about marketing, 

Next month in the Consultant Cowboy series Is marketing: 
figuring out what service to self where, how you do it, then telling 
people about yourself How you can use tills to develop your 
business into something you want to do, not selling yourself into 
doing boring work that you hate. 


Until then: See you, consultant cowboy. 




About The Author 

Ryan Wilcox has been consulting on bis own for the last 8 years, through 
ups and downs in his business. In 2009 he started thinking about best 
practices for business, in addition to his normal thinking about 
programming. He can be found at: http://wYfw.w8toxd.com. Have 
thoughts or want to give feedback on tins article? rwikox@w8coxd.com 
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Welcome 

Tills month's issue marks the beginning of a new section of 
MacTech Magazine called the Enterprise Desktop Alliance Shoumse, 
If you aren’t familiar with the EDA, their mantra is “Making it easy 
to deploy integrate and manage Macs in a Windows environment! 
Each month, the Enterprise Desktop Alliance (EDA) will bring you 
technical information in MacTech Magazine 

Whether FT supports them willingly, grudgingly or not at all, 
Macs are becoming an inevitable presence, and in most 
organizations, continuing to grow year-over-year. This is borne our 
in recent reports from LDC as well as a survey from the EDA with 
participants reporting an estimated growth of 26% for business and 
personal use. 

What is the Enterprise Desktop Alliance? 

In 2008, the Enterprise Desktop Alliance was founded to 
provide information to IT managers and administrators alxiui how 
they can leverage existing Windows infrastructure to easily 
integrate Macs into their organizations, 

With Lhe right solutions, Mac-Windows integration can lie 
done without having to depend on a parallel infrastructure. This is 
welcome news to those who were surprised by Apple’s 
announcement in November 2010 that they intend to discontinue 
t he Xserve at the end of January 2013 Nor is there any need to 
maintain specialized skill sets and expertise to facilitate Mac 
management 

EDA member companies provide best in class technology and 
solutions that enable IT departments to deploy integrate, and 
manage Macs throughout their organization using the standard 
Windows-based management tools that are already in place. 

Computer Lifecycle Management: Manage 1 J C, Mac, and 
iOS4 devices from a single interface using existing Windows 
infrastructure. Asset information Ls easily integrated into third parry 
applications such as Microsoft SCCM and Web Help Desk. 

Identity & Access Management: Use familiar Windows- 
based administrative and Group Policy tools to centrally 
manage accounts, define access controls and enforce security 
and configuration policies for Macs by integrating them 
seamlessly into your existing Active Directory domain. Enable 
two-factor authentication with support for CAC and P1V smart 
cards. 

File & Print Services: Allow for seamless file and print 
sharing between Mac desktops and Windows servers with a 
solution that provides complete platform and application 
compatibility, 

IT Service Management: ITSM professionals can access 
an enterprise level, cross-platform service desk solution that is 


intuitive, flexible, and extensible, 100% browser based and 
web-standards compliant, all application features will be 
available to users on Mac OS X, Windows or Linux. 

EDA Members 

Absolute Manage features an extensive list of cross-platform 
functionality including hardware and software inventory, software 
distribution, automated patch management, license monitoring and 
reconciliation, remote configuration and management for all the 
PCs and Macs on your network. Absolute Software client 
management solutions enable enterprises to improve IT efficiency, 
security and effectiveness while improving the user experience in 
today’s complex, cross-platform computing environments. Absolute 
Manage includes management capabilities for iOS4 devices 
(iPhone, iPod Touch and iPad). 

Centrify enables organizations to reduce IT expenses, 
strengthen security and enhance compliance by securing their 
cross-platform environments through Active Directory-based 
identity and access management, With Centrify DirectControl for 
Mac, IT administrators can use familiar Windows-based 
administrative and Group Policy tools to centrally manage 
accounts, define access controls and enforce security and 
configuration policies for Macs. Over 2500 enterprise customers 
worldwide have chosen Centrify for its quick-to-deploy, easy-to- 
manage next-generation technology to manage and secure not 
only Macs but 250+ versions of UNIX and Linux as well 

Group Logic is a leading provider of solutions that lets 
companies quickly and easily access, share and extend their digital 
content investments—both within their enterprise and in the cloud. 
With over 20 years of unmatched experience, Group Logic’s 
emphasis on customer success Ls the very core of its lousiness. More 
than 4,500 customers trust Group Logic every day to maximize their 
ROl for existing digital content, improve process efficiency, and 
save time, money and IT resources. 

Web Help Desk software is the leading cross-platform service 
desk solution for ITSM professionals w ho seek to streamline their 
increasingly complex .service environments. 

Visit the EDA website and access the on-line library for free 
information and resources (http://enterprisedesktopalliance,conn/) 
including: webcasts and videos, white papers, technical papers, 
application notes, surveys, Q&A, expert system integrators and 
other resources. If you would like to lie one of our select partners, 
or are a developer who creates and markets cross-platform 
solutions, contact us at Enfo@enterprisedesktopallEance.com 

Now, in tiie pages to follow, enjoy the first EDA Showcase 
article. 
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Introduction 

Now that Apple lias discontinued the Xserve T it may he 
time to revisit using a rack-mounted Windows server as a file 
server. The most popular use of the Xserve is as a file server. 
You can continue to provide your Mac users with a Mac 
experience at the same time you leverage your established 
Windows servers anti expertise to provide backend file 
services. 

While Mac OS X provides support for using SMB to access 
Windows shares, the native AFP protocol has many advantages 
for Mac OS X systems, and Group Logic's ExtremeZTP Server 
enables a Windows server to folly support AFP clients such as 
Mac OS X, Organizations wanting to integrate Mac OS X 
systems into their Windows-based enterprise network will most 
likely want to also centralize the storage of user home 
directories on a Windows server to ensure proper data security 
and backup policies are applied* 

We’ll tell you how to connect your easily connect your 
Macs to Active Directory and to leverage Windows Server to 
provide AFP services for those Macs. Your users will log in to a 
Mac OS X system with their Active Directory user ID and 
password to gain access to their home directory stored on a 
Windows server. This paper will also explain how- to set up a 
Mac to support a Distributed File System (DFS) hosted home 
directory. The integration of DirectControi and ExtremeZ-IP 
combine to provide IT administrators the tools and services 
they need to fully integrate Mac OS X systems into both the 
centralized administration and management that Active 
Directory provides as well as the centralized network storage 
that Windows Server provides, further reducing the cost of 
managing OS X systems in a Windows-centric enterprise. 

Mac OS X provides Lhe flexibility to enable administrators 
to use local hard disk or a central server to store the users 
home directory. When they choose to store the home directory 
on a network file server, there are even more choices, such as 
SMB (Server Message Block), AFP (Apple Filing Protocol) or 
NFS, Additionally, Windows servers can create a DFS 
(Distributed File System directory that is spread across different 


storage volumes* Jt is also possible to combine these methods 
and maintain a master home directory on the server while 
providing offline access with a local cached copy of the 
network home directory; Apple calls this a Portable Home 
Directory* 

CentrifyDirectControl joins the Mac OS X system to Active 
Directory and provides the user authentication* manages the 
user’s UNIX (Mac OS X) identity, sets up the Kerberos 
environment for SSO, and manages the home directory path 
and mounting of network home directories. In this scenario, we 
will use the AFP protocol to enable the user to access a 
Windows server for the home directory since it offers many 
advantages over using the SMB protocol 

Set Up the Windows Server 
and ExtremeZ-IP 

The Windows Server and Mac workstation must be joined 
into the same Active Directory forest, This server does not have 
to be configured with the file server role in order to serve a file 
system to Mac systems, but if you want to also provide home 
directory services to Windows computers, then you should 
configure this system to also be a file server. 

Kerberos-based user authentication enables a Windows 
home directory to be mounted at the time that the user logs in 
without needing to store a user ID and password anywhere on 
the system. This ensures that the user’s Active Directory 
password is protected and the resulting Kerberos environment 
can be used to authenticate the user to the AFP-based home 
directory provided by ExtremeZ-IP. 

In this article we will be using examples from ExtremeZ-IP 
7.1, the most recent version as of this writing, which supports 
DFS described later in this article. 

We can optionally set up ExtremeZ-IP Server's Settings to 
define the name that the server will be known to AFP-based 
client workstations. Typically this is only necessary to support 
Mac OS 9* but in some cases it may be helpful for Mac OS X 
clients. 
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Choose the Settings/Service Discovery tab. In this case, we 
will use the same name for the AFP Server Name as the 
Windows name so that DNS will resolve to the same computer. 



Figure 1. Service Discovery Settings 


the user's own home directory from the user, check "Use 
volume as a home directory." 
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Figure 3* Volume Properties 


Choose the Settings/File Server tab and check “Enable 
Home Directory Support" and the “Use Profile Home Directory 
Support”, a feature of ExtremeZ-IF that hides all other 
directories in a share point from the user except for his specified 
home directory, thus eliminating the user's ability to see all 
other users 1 home directories (which he shouldn't be able to 
access). However, if you want users to be able to access 
directories other than just the user’s home directory, you may 
want to leave “Enable Home Directory Support" unchecked* 
Check “Allow Kerberos Logins" to enable users to gain 
access to the server without having to type their user ID and 
password once they have logged in with their Active Directory 
credentials (Single Sign-On feature.) 



Figure 2, File Server Settings 

Next we need to define die Volume that will be shared via 
AFP. Click the "Volumes” button at the bottom of the 
ExtremeZ-IP window, and choose Lhe directory containing Lhe 
users home directory. In this example we will share “C:\Users" 
and give it the ExtremeZ-EP Volume Name of “Users’. If we 
want to hide this ExtremeZ-IP Volume from users that do not 
have a home directory on it and hide all directories except for 


In the Profile tab of die user’s Active Directory Users and 
Computers user account properties, define a network home 
directory share path by selecting the “Connect " radio button, an 
appropriate Drive Letter, and entering a valid path. When the 
Apply, 7 ’ or “OK" button is clicked, a home directory is 
automatically created for the user according to the path, 
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Figure 4. User Account Properties 

It’s a good idea to log in From a Windows client machine 
with the Active Directory user and ensure the user can log in 
and their network home directory' is automatically mounted in 
Windows before proceeding to the Macintosh configuration. 
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DirectControl provides centralized 
management of all UNIX, Linux and Mac user 
attributes, including their identity and home 
directory path. These new user attributes can be 
managed using the Active Directory Users and 
Computers MMC console on the Centrify Profile 
tab, or through the DirectControl Administrator 
Console. For a user who might need to have 
more than one independent set of UNIX or Linux 
or Mac user account properties DirectControl 
supports them by establishing using a “Zone,” 
which is a logical grouping of computer systems. 
For the purposes of this article, we will 
install DirectControl on the Mac workstation and 
join the Mac to Active Directory in “Workstation 
Mode" which only requires DirectControl to be 
installed on the Macintosh computer and Centrify 
Zones do not need to be defined or configured. 
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Figure 6. User Accounts in System Preferences 


.Steps to Install Centrify DirectControl 
and join the AD Domain: 

Before starting, ensure that your Mac operating system is 
supported, DirectControl currently supports Mac OS X 10.4 and 
later on both PPC and Intel processors, 

1, Download the DirectControl for Mac DMG file. This is a Mac 

"disk image" that, once downloaded, will automatically 
mount a volume containing the Centrify DirectControl for 
Mac installer and relevant Mac utilities and documentation 
to your Mac desktop. 

2, In the DMG, double-click to launch the ADCheck utility, 



ADCheck 

Figure 5* ADCheck Utility 


launch so you can join your Mac to an Active Directory' 
domain. In ADJoin, type the name of your Active Directory 
domain, and select the Workstation Mode radio button. 
Then click the join Domain button. 

Configuring centrifydcxonf for Network 
Home Directories: 

In Workstation mode you will need to use a text editor to 
configure 2 items in the file /etc/cemrifydc,conf/ 

auto.schema.remote.file.service should be set to "AFP" 
example: 

auto .schema, re mote. f 1 1 e,ser viee: AFP 
and 

auto.schema.use.adhomedir should be set to "true 
example: 

auto.schema.use.adhomedir: true 

After these settings, you will need to either reboot the 
Macintosh computer or run these 2 Centrify command line 
commands in the Macintosh terminal app as an admin user: 
adflush 
adreload 


The ADCheck utility can alert you to any network issues that 
would prevent your Mac from reaching a Windows domain 
controller Resolve any issues before going to the next step 
{you may need assistance from your Windows 
administrator), 

3, Double-click the installer package, CentrifyDC to install 
DirectControl on your Mac, 

4. When the installation finishes, the Centrify ADJoin utility will 


Testing the Solution 

Once a computer is joined to Active Directory, any user 
who has a valid Active Directory user account on a computer 
that is joined to Lite AD domain will be able to log in using the 
Mac workstation without any further user configuration 
required on the system. DirectControl enables the Mac to be 
treated just as any other Windows workstation in the 
environment based on the user authentication policies and 
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login methods that are supported and modeled after an XP 
workstation in an Active Directory environment. 

Logging in to this Mac for the first time with the user's 
Active Directory user ID and password results in the network 
home directory being populated with the default set of Mac 
user files and folders on the Windows Server. We can see in die 
Accounts panel within the System Preferences that the user's 
account, “John Smith" is a Network account that was defined in 
Active Directory. 

Opening Finder and going to the Home directory will 
show that the Home Directory path is mounted to the AFP 
network share that we previously defined. 

£ Finder File Edit View Co Window Help 



Figure 7. Home Directory Path 


We can also see on the Windows server that the home 
directory was properly populated with the default home 
directory contents for a Mac workstation on the server. 

Kerberos-based authentication from the Mac to the 
Windows server also ensures that proper permissions are 
enforced as the user accesses files and folders on the server in 
addition to providing the user with single sign-on to the file 
server. By using Kerberos to authenticate to the server, the file 
server will enforce proper security regardless of the user's local 
UNIX identity on Lhe Mac workstation, meaning that a user may 
have a UID of 10000 on a laptop and a different UID of 15000 
on a Mac in a lab environment, and yet the user will still be able 
to access his network home directory from both workstations 
based upon his Kerberos-based authentication to the server. Me 
permissions will be reported back to die user that he can read 
and write the files, while on die server it will show that his 
Active Directory account is the owner of the files. 

Now that the user has a home directory he can access from 
a networked workstation, he will be able to use either a Mac or 
Windows computer to get to his home directory using the 
platform’s native network file access protocol for the best 
platform compatibility. 

Using Centrify DirectControl with DFS 

Microsoft Distributed File System (DFS) is a set of 
technologies used to present a single virtual namespace to a 
collection of file servers and manage replication of data 
between those servers. Microsoft DFS consists of two 
technologies: 

• DFS Replication (DFS-R): providing facilities for replicating 
file server data between locations and servers. 
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Figure 8, Same Home Directory from Windows 


DFS Namespaces (DFS-N): allowing administrators to group 
file server shares on disparate machines into a 
single virtual namespace so end users can access 
fcsJeHl files without needing to know where the files are 
located. 

Using DFS provides numerous benefits, 
including allowing administrators to relocate share 
points to other locations or servers without having 
to change the network paths clients use to access 
the share. 

To use DFS with a Macintosh client, the 
Macintosh and ExtremeZ-IP need to be 
configured to use DFS. For the purpose of this 
article, we will use the ExtremeZ-IP DFS Client 
application on the client Macintosh, and assume 
the Client Macintosh is running Mac OS 10.3+, 
which currently are the only versions to support 
DFS home directories on a Macintosh. 

In the following example, for clarity, we have 
used a different Windows directory and 
ExtremeZ-IP Volume than described in the 
previous section, but there is nothing preventing 
non-DFS and DFS Macintosh clients from using 
the same home directory. 
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Figure 9, DFS Namespace 


Configure ExtremeZ-IP on the Windows 
Server to support DFS: 

A Summary of the Steps to Use DFS home directories with 

ExtremeZ-IP: 

* Configure your 
Windows server and 
Active Directory Users 
to support DFS and 
DFS home directories 

* Configure ExtremeZ-IP 

to use the DFS 
Namespace 

■ Set up an ExtremeZ-IP 
Volume on the target 
server for the folder 
containing the User 
Home Directories 

* Set up an ExtremeZ-IP 

Volume on the DFS 
Root Emulator for the 
DFS Home Directory 

* Download and Install 
the Group Logic DFS 
Client Application 
from the ExtremeZ-IP 
Web Server onto your Mac 

* Edit the Group Logic DFS configuration file /etc/dfsservers.conf 

file on the Mac client, adding the IP address or hostnames 
of your ExtremeZ-IP DFS root serveifs j 

If you do not already have an appropriate namespace, you 
should configure a DFS Namespace on a Windows Server, 
using the Windows DFS Management Application. In our 
case we created a namespace called DFSH0MES on a single 
server that is our Domain Controller, DFS Root Server, and 


DFS Target Server. 

Add a target to your DFS Namespace for the directory 
containing your User home directories. In this case the user 
home directories reside on the Windows Domain Controller 
local file system, but they would usually point to a network 

share. We’ve called 
our DFS Folder 
"DFSHomeDirs" 
and it is targeting 
an actual directory, 
“C:\DFSUsers," 
which contains the 
Home Directories 
of our users. Please 
note that the target 
directory (in this 
case u DFSUsers”) 
needs to be shared 
and accessible with 
the correct 

permissions on the 
network. In other 
words in our 
simplistic single 
server example the 
DFS link 

\\km2centrifycom\DFSHomes\DFSHomesDirs resolves to a 
target share of \\WLn20G8PC\DFSUsers which happens to be 
the same server. 

Make sure your Active Directory user profile points to the 
new DFS Namespace, rather than an actual path. In this 
example, the user “Mary Jones 11 Home Folder path is: 
V\win2008pc.km2centrFfy.com\DFSHOMES\DFSHomeDirs\mjones. 

At this point you may want to validate the Windows DFS 
configuration by logging in this user with a Windows Client, If 



Figure 10. DFS Servers 
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they can log in and their network home folder 
is mounted, even though their Home Folder 
profile uses a DFS Namespace, then proceed 
with this setup for Mac users, 

ExtremeZ-IP DFS Configuration 

In the ExtremeZ-IP application in 
Windows, click the ' Settings" Button and Select 
the “DFS” tab. Click the lJ Add" button and enter 
the path to the DFS namespace you defined in 
the Microsoft DFS Management Application, In 
this case it’s WKM2CENTRfFY\DFSHQMES 

ExtremeZ-IP will validate the path and will 
put up the Namespace and the corresponding 
target server. You 11 need to check the AFP radio 
button and click “OK” 

ExtremeZ-IP AFP Volume 
Creation 
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You r ll need to create ExtremeZ-IP AFP 
volumes for each of die following paths: 

• On the DFS target server the Directory 
containing the actual Users' Home 
Directories which was targeted above using 
the Windows DFS Management Application 

• On the DFS root emulator the ExtremeZ-IP 

DFS Root Path Home Directory within the 
“Volumes" window of ExtremeZ-IP, create 
an AFP volume from the Directory 
containing the actual Users' Home 
Directories. In tills example it is “DFSUsers r 
ExtremeZ-IP s DFS configuration creates 
special directories on your file server in 
“C:\Program FilesXGroup Logic\ExtremeZ-IP DFS 
VolumesY’ The Automatically created 
ExtremeZ-IP Volumes contained in this 
folder allow a Macintosh with the 
appropriately installed Group Logic software 
to use symbolic links contained in these AFP 
shares to properly resolve die DFS Namespace. 
In this example C:\Program FilesVGroup 
Logic\ExtremeZ-IF DFS Volumes\KM2CENTRIFY is the 
automatically created volume. The automatically 
created volumes in this directory will work lor 
normal DFS browsing but in the ease of home 
directories we will need to manually share out a 
subdirectory. 

Create ExtremeZ-IP subvolumes for die 
home directory folders located inside of 
“C:\Program Files\Group Logic\F.xtremeZ-IP 
DFS Volumes. 11 In this example the path is 
tl C:\Program Fiies\Group Logic\ExtremeZ-[P DFS 
Volumes\KM2CEWTRIFY\DFSHomes. fh 


Figure 11. Profile points to DFS Namespace rather than an actual path 
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Figure 12. DFS Definition 
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Figure 13. Validating the Path to the DFS Namespace 
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Use the resources you already have to easily manage and secure 

Macs in the Enterprise 


The Designer 

Needs her MacBook 
in order to work 
productively and cheerfully 




The IT Director 

Has to keep expenses and 
overhead in line while assuming 
responsibility for Macs 


The CEO 


Expects IT to support his Mac, 
which he uses along with 
his iPhone and iPad 


They can all be happy 


Everyone from the CEO to part-time contractors want to bring Macs into the workplace. But your Windows-centric 
IT department worries that they'll need additional hardware and training to efficiently manage and secure them. 


With Centrify, you can use your existing Windows tools and infrastructure to centrally manage user accounts, 
control access across departments or geographies, and even use Group Policy to ensure compliance with password, 
screensaver lockout, file-sharing and other security measures. 


Best of all, you can get started for free! With Centrify Express, in minutes you can have users fogging into their Macs 
with their corporate Windows username and password. 
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Figure 14. Sharing DFS Volumes 


These volumes will be added to the ExtremeZ-lP Volume 
list 

Group Logic DFS Macintosh Software 
Installation 

On the Macintosh, which has been successfully joined to 
your domain using Centrify Direct Control, go u> a well 
browser and point to the ExtremeZ-EP web server 
running on your domain controller using the domain 
name or IP address: 
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Figure 16. DFS client software 


Click the "Mac DFS Client Application’ 1 link to download the 
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Figure 15, DFS Volumes 
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installer. You'll need to enter your Mac’s administrator user 
name and password for the install, 

Once the Mac DFS Client Application is installed, you‘11 need 
to edit the file Vetc/dtsserversconf; 1 which was created when 
the Group Logic Mac DFS Client Application was installed. 
Add the fully qualified domain name and die port as die last 
line of this File. In this example, we added die line 
”win2(X)8pcrkm2centrif>'com:8081” to this file. 

/etc/dfsservers,conf: 

# This file is used by Group Logic, Inc/s 

# DFS client application. It should contain the 

# fully qualified domain name and port for the 

# ExtremeZ-IP DFS root servers to be contacted 

# to allow the Mac to browse your DFS namespace(s) 

# 

# example: bookers.g!ilabs.com:8{381 

# 

# the default port for use with ExtremeZ-iP is 8081 

# 


#add servers) below, one per line 
win2008pc.km2centrity.com:8081 

In ,/erc/CentrifyDC/centnfvdc.coiif, ensure diat you have die 
settings "auto.schema.remote.file.service 71 set appropriately to 
AFP For example: 

auto.schema.remote.file.service:AFP 

Note: You can also bike advantage of the DireetControl Group 
Policy in order to centrally manage this dfsserversxonf file by 
using the Tile copy" Group Policy to distribute a common file 
to all systems to which die policy applies. 

Testing the Configuration 

After installing and configuring the Group Logic DFS Client 
Application, reboot the Macintosh, At die login screen. Jog in as the 
user you've configured. The DFS network home directory user has 
logged in on die Mac, and if dus Ls die first login from Lhe Mac, die 
remote home directory will be populated with die default set of 
Mac user files and folders. 



Figure 17. User's directory is automatically populated with the default set 
of Mac user files and folders. 


MATIECH 


Summary 

Enterprise organizations dial want to integrate and embrace 
Mac users into dieir environment can Hilly integrate these users 
with the combination of Centrify DireetControl and Group Logic 
ExtremeZ=lP. DireetControl ensures that die workstations enforce 
die company’s security policies through Active Directory 
authentication and password policies, and Group Policy will also 
enforce the enterprise security configuration policy standards. 
ExtremeZ-IP ensures that Mac users can securely access dieir 
network home directories via AFP and store Mac files properly on 
a Windows server with the advantages of DFS. 


For More Information 

For more information on DireetControl for Mac OS X, check out our 
web site at: 

hftpy/www.centrifyxom/solutions/mac-cjsdesktop-rrianagement.asp 
For more information on ExtremeZ-IP, visit die Group Logic web 
site at: 

http://www.grouplogic.com/ products/ extreme Z^JP/ 

KB article on “How does ExUoneZ-lP map die Windows security 
model to Macintosh-style folder permissions?" 
hffp://support.grouplogic.com/?p=1556 r f 
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CORESEC: SECURITY TOPICS FOR ADMINISTRATORS AND PROGRAMMERS 


Shhhh.. Big Brother May be Listening 


What you need to know about VOIR 
Face Time, Skype and iChat security 

By Michele (Mike) Hjorleifsson 


Introduction 

I was having a conversation with a successful entrepreneur 
that I know who is still using physical T1 lines for his voice traffic; 
the topic was about voice over Internet protocol (VOIP for short) 
and why he hadn't made the switch to this technology in his 
business, He tends to adopt new technology, especially when it 
can have a positive impact on the company’s bottom line, so his 
refusal to make this switch perplexed me. After a long discussion 
his hesitancy boiled down to concerns that hackers could intercept, 
record and playback the packets of VOIP he was transmitting, in 
essence tap his phone lines. This intrigued me so I conducted an 
unofficial focus group of some of my other customers who hadn’t 
adopted VOIP yet and several of them had the same concerns, In 
short this is die basis for my segment Lhis month: is VOIP a secure 
enough technology to replace traditional POTS service for 
conducting business and discussing sensitive information? 

VOIP Primer 

A good place to start this conversation is a quick overview 
of how VOIP works* While there are a myriad of standards and 
proprietary protocols in use to achieve VOIP, the two most 
widely used are either based on SIP (session initiation protocol) 
or a proprietary protocol used by a that specific provider 
Services like Skype use a proprietary protocol, w hile services like 
FaceTime t Comcast, Verizon, Gablevision, Lingo, Vonage and 
many others use SIR Both use UDP (User Datagram Protocol) as 
the primary means of delivering the media channels, the audio, 
we actually hear when we are on a telephone call. Developers 
of VOIP applications and protocols prefer to use UDP due to its 
speed, lower overhead, and connectionless design* But with 
speed and performance come some limitations* there is no 
transmission verification (known as acknowledgement or ACK) 
that tile packet actually arrives or retransmission of any packets 
that were lust during the delivery from the originator to the 
destination and no built in security methodology to ensure that 
there is either a) no one listening to the packets or b) jumping 
in the middle of the conversation and pretending to be someone 
else* So what does connectionless design mean? 


An easy way to explain it is the difference between your 
mom coming into the living room and stating thaL dinner is 
ready and ordering at a restaurant. Your mom is letting everyone 
within earshot know that dinner is ready, and is not necessarily 
concerned with successful delivery of that message to each 
individual. In contrast, a waiter is very concerned. The waiter 
verifies your order, ensures that it is properly delivered to the 
kitchen and, if wrong, redelivers your order to the kitchen. You 
can see an inherent security issue in the way mom delivers the 
message; anyone can hear the it, even those who are not 
supposed to. 

How would you listen in and potentially record these 
messages? There are several tools available, the primary tool 
being tepdump (yes tepdump can capture and record UDP) and 
RTP tcxils (open source project from the University of Columbia) 
that can capture traffic into a file for later playback, So let’s take 
a look at some of the different providers and how they ensure 
your conversation is truly private. 

Apples Technologies 

Apple has traditionally employed XJV1PP (Extensible 
Messaging and Presence Protocol) in its iChat functionality, 
They have departed from this in the new FaceTime 
technologies on iOS and Mac OS X, iChat has provided 
encryption of your conversations since version 2 T and 
encryption of voice and video since version 3, FaceTime 
leverages the iChat encryption methodology, which you can 
monitor for yourself If you capture the actual UDP traffic and 
read the SIP information provided, you can see that IChat 
encryption is enabled and the RTP playback tools cannot 
decrypt the messages* One additional feature that I like about 
FaceTime is that the connection server used does not place the 
originator or destination noun names in any of the traffic, in 
other words even though you can see a FaceTime session 
starting, you don't know who it is between and can t decrypt 
the conversation (because of the encryption) Rating: Safe for 
voice and video, 
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Skype 

Skype utilizes a proprietary, peer-to-peer technology based on the 
Kazaa file sharing protocol. Skype encrypts all text, audio and video 
traffic utilizing an unpublished encryption and transmission 
scheme, 1 have captured and attempted to decipher Skype traffic to 
no avail. While capturing is fairly simple, deciphering proved quite 
impossible, at least for die standard hacker and off the shelf and 
open source tools. Rating: Safe for voice and video. 

Other VOIP Providers 

There are a plethora of other VOIP providers out there these 
days, from your traditional phone companies, cable providers and 
independent startups. I have tested several for research purposes 
and some were well protected, while others came up sadly lacking. 
My liest advice here is to ask questions about how the provider 
ensures your conversation’s security before you sign up for any 
service. One common answer presented by some of these 
providers is to put the responsibility on the device they are using 
at your location to connect to their service, especially the fact diat 
it is on the edge of vour network. The thinking here is that since 
this device only communicates with their service and is ’directly" 
connected to the Internet that this Ls inherently safe. WONG, 
WRONG, WRONG! Anyone with the right tools can intercept and 
capture the voice traffic for later playback. Rather than embarrass 
any of these providers directly. I will simply say that you should do 
your due diligence. 


Conclusion 

Voice Over Internet Protocol (VOIP) has been widely used for 
over a dozen years in the backbones of all the major 
telecommunications vendors and has only recently (over the last > 
10 years) become available to the consumer While most providers 
do take appropriate precautions to ensure communications security 
there are .several large vendors that do not and you should be 
aware as a consumer that this could compromise your 
conversations over that medium. That is if anyone would really 
want or need to record your voice conversations, but better safe 
then sorry and do your research before signing up for any service, 
I am glad to see that the technology based services like Skype, 
iChat, FaceTime are all employing several layers of security to 
ensure the fidelity and privacy of your conversations, whether text, 
audio or video. 

i 


• About The Author 

Michele (Mike) Hjorleifsson, co-author of the Apple 
Training Series: Security and Mobility courseware has 
been developing on the Apple platforms since the 
Apple ][+, implementing network and remote access 
security technologies since the early '90s, He is 
currently working with companies worldwide on Apple and Security 
consulting projects and conducting Apple IT and Pro Apps training. Feel 
free to contact him at mhjorleifsson@me.com 



3ti oo AM Developer Meeting 

T1 00 AM 


Back Together Again. 

Integrating calendar events and personal tasks into 
one easy to use App. The way it should be. 


Events 


0L t Pocket 
i Informant 


Pocket Informant, the 


iPhone's most versatile calendar/tasks Personal 
Information Manager (PfM) sets itself apart from 
the rest by providing the ability to sync to the 
other systems you hold dear Now syncing with 
Google t Toodledo, Outlook, and Mac OS X, 

(no te- Desktop Sync tnfotmilion w(iifabte or our vwbsfte) 

wwiv.por/tertrt/ormflrtr.tam | 2010 © 


iViki. &M»rrK Sittings 


AJsq available on 
Blackberry 


Windows Mobile 










Backup Battery 
Solutions 


Richard'Solo 

MOBILE CHAHRfci 


3 WAYS TO POWER UP 

Your iPad | iPhone l BlackBerry | DROID | EVO | Instinct HD Palm Pre and all Smartphones 


RichardSolo 4400 mAh 
Battery Case for iPad 

Protects your iPad in stylish leatherette 
with built-in 4400 mAh power boost 
adding an extra 3.5 hours viewing time. 
Unique design folds into a stand far 
comfortable viewing with all ports accessible. 
Charge using your iPad cable or charge 
iPhone 2G/3G/3GS/4, iPod, smartphones, 
and more using your device-specific USB 
cable [not included). Recharges by USB 
on your computer or use your Apple (or 
compatible) wall charger Measures 9,75" 
x 7,75" x 1.19", Includes minPUSB/USB 
charge cable and Instructions. One-year 
RichardSolo warranty. 

TX440 $79.95 


RichardSolo 9000 mAh 
Universal Mobile Charger 

9000 mAh backup battery connects by 
USB cable included with your device for 
charging iPad, all iPhone/iPod models 
(except shuffle), smartphones* and more. 
Doubles your iPad viewing from 10 to 
nearly 20 hours; increases iPhone use 
from 5 to 68 hours - iPod audio up to 
325 hours! Recharges by USB on your 
computer or use your Apple (or com¬ 
patible) wall charger. Measures 3,76" x 
1.57" x 1,57", Includes two USB charge 
cables (one rectractable), instructions* 
and travel case. One-year RichardSolo 
warranty. 

VT900 $89,95 


RichardSolo 1800 mAh Backup 
Battery with Laser and Flashlight 

These original #1 selling backup batteries provide 
1800 mAh charge and add hours of use for all 
iPhone/iPodmodefs{except shuffle/iPad), BlackBerry, 
Droid, smartphones* and more. All 1800s include 
retractable charge cable, 11Q-24GV wall charger, 
and dual USB car charger, Cables and support 
braces added for specific models. Plus a free 
iPhone 3G/3GS Custom Hard Case for RSG01/ 
RS008. One-year RichardSolo warranty. 

RS001 for iPhone 2G/3G/3GSM and iPod 
RS007 for BlackBerry and all Smartphones 
RS008 with Cable for iPhone 2G/3G/ 3GS/4 and iPod 


Originally 


Now $29,95 


iiPod Q iPhone 


-od ts a t radepiark of Apple tm., Fastened in the US. and other countries. iPhone rii a trademark of Apple Inc. 
tfackBerry* rs a registered trademark of Research fn Mown Ltd Free i tarns /squirt purchase. Drpip, BVO, fnsTrmrf 
to, Palm Pre are registered taaefemerta.. Offer cannot he combined with any other discounts or promotions. 


* Order now online: www.RichardSolo.com 


3REAT DEAL 


The WEEKLY GREAT DEAL offers 
incredible savings! Visit RichardSolo.com 
to sign up... it’s free and fun. 








Managing Software Installs with Munki-Part 4 

Crafting pkginfo files for munki 




By Greg Neagle, MacEnterprise.org 




MacEnterprise.org 

Mac OS X enterprise deployment project 


Previously in MacEnterprise 

Over die past several months, we've been looking at munki, a 
set of open-source tools that can manage software installation and 
removal on Mac OS X machines. Munki is available for download 
at http://code.googfe.eom/p/mtjnki. Munki am install software 
packaged in Apple's Installer package format, software delivered 
for “drag-and-drop" installs on disk images, and Adolie CS3. CS4 
and CS5 products and updates using Adobe's supported enterprise 
deployment tools. 

We set up a demonstration munki server on a Mac OS X 
' client 1 machine, and used that server along with the munki client 
tools to install, update, and remove some software packages on a 
client machine. The munki server is simply a web server, containing 
three types of information: 

Installer items; these are packages or disk images containing 
the software to be installed In many cases, you am use a package 
or disk image provided by the software vendor without having to 
repackage or convert the installer package. For example, munki 
can install Firefox directly from the disk image that you download 
from http://www.mozilb.conn - you do not have to "repackage 11 
Firefox in order to install it with munki. 

Catalogs; these are lists of available software, containing 
metadata about the installer items. The munki administrator builds 
these catalogs using tools provided with munki. 

Manifests: A manifest is a list of what software should be 
installed on or removed from a given machine. You can have a 
different manifest for every machine, or one manifest for all of your 
machines. Manifests can include the contents of other manifests, 
allowing you to group software for easy addition to client 
manifests. For example, you could create a manifest listing all of the 
software every machine in your organization must have. The 
manifest for a specific client could then include the "common 
software” manifest, and additionally have software unique to that 
client 

There is a fourth class of data that is commonly stored on the 
munki server as well, but munki clients do not access it directly 
This data is the “pkginfo” files - typically one per installer item. 
These contain the metadata for each installer item. Munki clients do 


not access these files directly; instead they use the catalogs, which 
are themselves built from the pkginfo files. 

Pkginfo files provide metadata about each installer item or 
package, information that either cannot be determined from the 
package itself, or info that would be too slow to get from every 
package each time munki runs. Much of the learning curve around 
munki involves crafting pkginfo files. Therefore, this month we will 
look at this topic in detail. 

Creating pkginfo files 

Fortunately, munki provides two tools to help with creating 
pkginfo files, The first we used in the previous two columns: 
munkiimport, munkiimport helps with importing new 
packages into the munki repository. It in turn calls a second tool to 
do most of the initial pkginfo generation. This tool is called, 
strangely enough, makepkginfo, and can be found at 
/usr/local/munki/makepkginfo. You can call it directly if 
you'd like. In its most common use, you give makepkginfo a 
package or disk image, and it outputs pkginfo, Here’s an example: 

ft cd /usr/local/munki 

% , /makepkginfo ~/Downloads/Coog 1 eSketcblfpMEN.dntg 
(?3Cml version 3 " 1 ! + 0“ encoding=*UTF ■ 8*7) 

(tDQCTYPE pliat PUBLIC " //Apple//DTD PLIST 1.0//EN* 

M ht tp://www.apple.cam/DTDs/PropertyList 1.0* dtd") 

(pHst version= M 1.0 w > 

(diet) 

(key )aiitoreinove</ key > 

(false/) 

<key)catalogs</key> 

(array) 

<string>testing</string) 

(/array) 

<key)descriptiem(/key> 

(stringX/string) 

<key>display*_nam'e</W> ___ 

<string)Google. SketchUp 8.0 (English)(/string) 
(key>installed_size</key) 

<integer)lG50G8</integer) 

(key Must aller_itemjiash< /key ) 

<^ring>dQ79e5S56&142aa5ac6c60617146b39Ba974belb6dOaec3c27Qbfa3f 
7Qdbc07d</string) 
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(key >in s ta 11 er_i t ein_l oc ation( /key > 

< s t r in g)Go ogleSketcMtpMEN - drug < / st ring) 

(key >in s tal2er_it euusize</key) 

<integer>3980Q(/integer) 

(key) min inmm_o s_v e rs ion 1 ( / key > 

(string)10,4,0</string) 

<key)name</key> 

(string)Google SketchUp 8.0 Installed/string) 

< key> r ec eipts </key > 

(array) 

<Mct> 

(key >filen ame </key > 

<string>Google_SU8_EN_5ketchl]p_Applicatian.pkg</string) 

<key>instal1ed_si 2 e</key> 

<integer>87812</integer) 

<key)nanse</key> 

<string>Google SketchUp Application^/string) 

(key>packageid</key) 

(string)cop.google.sketchupS.sketchop.applicationC/string) 

(key)ve r s ion</key > 

(string)8 *0* 3161, 0. EK/string) 

(/diet) 

(diet) 

(key>£ilename(/key> 

< st rin g>Ga ogie_SU 8_EN_Sket chUp_Sup p or t.pkg< / st ring> 
<key>installed_size</key) 

(integer)17192</ integer) 

(key>name( /key) 

<string>Google SketchUp Support</string) 
<key)packageid</key) 

(string)com,google,sketchupB,sketehup.support</string) 

<key >version </key > 

<string>B*0.3161.Q«0</string) 

(/diet) 

(diet) 


(key)filename </key) 

<st ring>Google_SD8_EN_SketchUp_Free.pkg</string) 

(key)installed_size</key > 

(integer>4(/integer) 

(key>name </key > 

(string>Google SketchUp 8.0 [English) Add- 

Ons</string) 

<key)packageid(/key> 

< string)c am .goo gie.ske tchu p 8.ske t chup_ftee. ad d o n s < /string) 
<key)version</key) 

(string>3.0.3161.G.G</string) 

(/diet) 

</array) 

(key>uninstall_me thod </k ey > 

<string>removepackages</string) 

<key)uninstallahle(/key) 

(true/) 

(key>version</key) 

<string>3.0.3161.O.CK/string) 

(/diet) 

You could copy and paste this into a text editor for editing, or 
use shell redirection to create a text file directly; something like: 

makepkginfo GoogleSketchUpMEK.dmg > GoogleSkatcbUp.pllst 

In either case, the pkginfo Is probably not ideal as-is, and will 
need to lx j edited further. Let's look at some common edits. 

Name 

<key)name</key> 
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(string)GoQgle SketchUp 8.0 Installer</string) 

name is the most important key in a pkginfo file, it is this 
name that is used in manifest files to specify a package to be 
installed. In order for munki to find the latest version of a package, 
all the versions of a package must have the same name in their 
pkginfo item. 

While you could use the name that makepkginfo pulled out 
of the Installer package, you probably want to remove die version 
number and simplify it: 

(key>name</key> 

(string>G og gl eS ket chUp </st ring> 

Cl remove the spaces from the name - but theres really no 
requirement to do this: it f s just an old habit. It does make it easier 
to remember the name without having to check if it's “Google 
SketchUp’ 1 or “Google Sketch Up*..,) Tf you later download a 
newer version of Google SketchUp, you'd want to make sure the 
name for its pkginfo was the .same as the name you chase for this 
one). 

Version 

< key> ve rsion</key> 

<string>3»0,3161.0.0</string) 

version is the next most important key. Tills is how munki 
finds the most recent version (or a specific version) of a package. 
You'll see that the version that makepkginfo generated seems to 
be wrong. This is because the version of the SketchUp installer 
package is 3.0.3161.0.0. (Note - tills is not common. Usually you ll 
find the installer package version more accurately reflects the 
version of die software it installs). You’ll probably want to edit die 
version string to match the version of the Google SketchUp 
application: 



START 

FAXING! 


<key)versian( / key) 

<string>8,0,3161.0.0</string> 

Catalogs 

(key)cat alogs(/key) 

(array) 

<string>testing(/string) 

(/array) 

By default, makepkginfo puis newly generated items into a 
“testing" catalog. This is a useful default. You can configure a subset 
of your munki clients to look first in the testing catalog for package 
information. By placing new versions of software in the testing 
catalog, only your “testing” subset of machines will install the latest 
version. Later, when you are confident a new version won t cause 
issues for you, you can move it to a "production" or "release” 
catalog. All of your machines would lie configured to check the 
production catalog. 

<key>catalogs(/key> 

(array) 

<string>prGduction</string) 

(/array) 

Note that die value of the catalogs key is an array - you 
can place an item in multiple catalogs. Tills is not used often, but 
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one reason to do this would be to create multiple testing groups. 
Perhaps you are testing a new version of Firefox. You have a group 
of testers (for example, a group of web developers) that shouldn't 
get every new application, but do want newer versions of Firefox 
sooner tlian the general population. You can make tills happen by 
creating a fire fox-testing’ catalog. You create a munki catalog 
simply by defining at least one item as being in that catalog. So by 
adding ‘fimfox-testing” to the list of catalogs Ibr the latest version 
of Firefox, you cause a ‘ firefox-testing 11 catalog to lie created with 
at least one item. 


< key>catalo gs </key> 

(array) 

<string>testing</string) 
<string>firefox-testing</ string.) 
<7 array) 


You would also then list the 'firefox-testing" catalog in the list 
of catalogs for your Firefox testers' manifestos): 

< ke y) c a t al □ g 3 < / key > 

(array) 

<string)firefox-testing</string) 

<string)production</string) 

(/array) 


This causes munki to look for items in the firefox-testing 
catalog first, looking in die production catalog only if no matching 
package is found in firefox-testing. 

name ancl version are the most important keys, and so you 
should always check these and edit if needed. If you are using a 
testing catalog for new packages, you can often leave the 
catalogs key as-is, but if you want to move a package directly 
into production or have a special configuration, you may need to 
edit this key as well, 

Display Name and Description 

<key>desGription</key> 

<st ring XV string) 

<key>display ..nane</key) 

<string>Google SketchUp 8.0 (English)(/string) 

The display_name and description keys are optional, 
but help provide a 1 letter end-user experience. If provided, the 
display_came is used instead of the name when infonnation is 
displayed to the user in Managed Software Update.app. The 
description, if it exists, Ls displayed below when a user selects an 
item in Managed Software Update.app, 

<key>description</key> 

<string>3D design software from Google.(/string) 
<key>display_nanie</key> 

<striiig)Ggogle Sketcht!p</string) 


If I edit the two keys as shown above, it appears in Managed 
Software Update.app as in Figure 1. 
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Figure 1 - Google SketchUp displayed in Managed Software Update.app 

For the display name, I removed the version number, since 
that is displayed elsewhere. The description can lie as long as you'd 
like. 

Installs Key 

The pkginfb for Google SketchUp we ve worked on so far is 
perfectly useable and functional. But there are more munki features 
that can be controlled by additional pkginfo edits. 


Receipts vs. Installs 

Our Google SketchUp pkginfo has a receipts key, listing 
the receipts tor the Apple packages that are installed. This info can 
be used in two different ways, The first use for the receipts 
information is when removing an item. Munki uses die receipts [o 
determine what files were installed, and compares that against all 
the other receipts on the machine, Any files listed in the item's 
receipts that are not in any other receipts are removed, 

The second use for receipts is as a method to determine 
whether or not an item is installed, and therefore if munki should 
attempt to install the item, ff munki has no other information, it will 
kx>k for the existence of the receipts that are listed under the 
receipts key, If any of these are missing or an older version, die 
item will be installed. 

But there are problems widi diis double duty for receipts. Jt Is 
not uncommon for metapackages (packages that contain other 
packages) to install only a subset of die available packages, 
depending on the OS version and other installed software. This 
means that the list of receipts generated by makepkginfo may 
contain receipts for packages diat don't actually get installed, or 
worse, are installed on some machines, but not others. If any 
receipt is missing, munki attempts to install the package. But if 
installing the package does not leave every receipt munki has on 
file, munki will continue to attempt to install the package again and 
again. 
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There are two ways to deal with this problem. The first is to 
edit die pkginfo, deleting any receipt for subpackages that are not 
actually installed. If the subpackages that don’t get installed are only 
installed on Tiger machines, for example, and you don’t have any 
Tiger machines, this solution may work. But if the subpackages are 
installed on some machines you manage and not others (perhaps 
due to hardware differences, or the existence of other software on 
the machine), this solution causes another problem. If you delete a 
reference to a receipt that does get installed, munki will not be able 
to accurately remove the item, as you have removed some of die 
information it needs to determine what needs to be removed. 

A better solution to this problem is to provide munki with 
alternate information it can use to decide whether or not to install 
the item, leaving the receipts key to be used only for removing line 
item. Pkginfo files can contain an installs key, which lists items 
that are installed by die item. This key must exist (and is generated 
by default) for installer items that aren't Apple packages (like drag- 
n-drop disk images), as these items don't leave receipts, 
makepkginfo cannot (currently) automatically generate an 
installs key for Apple packages, but you can do so manually 

As an example of an automatically generated installs key, 
we am review the pkginfo items created for Firefox and Google 
Chrome in previous installments, as these items are distributed as 
drag-n-drop disk images. Here's the installs key for Firelbx 
3,6.13: 


(key >insta11s </key > 

(array) 

(diet) 

<key>CFBundleIdentifier(/key> 
<Etring>org.mozilla. firefDx(/string) 

(key) CFBund1eName </key > 

<string>Firefox</string) 

<ke y>CFBund1e S ho rtVe r sionSt ring(/key) 
(string)3,6.13</string) 

(key)path(/key> 

(string)/Applications/Firefox*app< /st ring) 
<key)type</key> 

<string>application(/string) 

<7 diet) 

(/array) 


Here’s the same key for a recent version of Google Chrome: 

<key)installs</key) 

(array) 

(diet) 

(key > CFBund1eId entifie r </key > 

<string)cora,google.Chrome(/string) 

(key)CFBundIeName</key) 

<string>Chrome</string) 
<key>CFBundleShortVersionString</key> 
<string)8,0,552,215(/string) 

(key>minosversion(/key) 

<string>10.5.0</string) 

<key>path(/key> 

(string)/AppliestdMfi/Google Chrome.app(/string> 
<key)type(/key> 

<string)applicatimi</string) 

(/diet) 
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</array) 


There's a fair amount of information there. Fortunately, you 
don’t have to generate these items by hand; makepkginf o can 
help you. Let s create one for Google SketchUp. First we must install 
Google SketchUp on a machine, sc; the application is at its correct 
path. We can then use makepkginfo with the -f flag to generate 
an item for the installs List: 

% cd /usr/local/tnunki/ 

% ./makepkginfo -f /Applications/Google\ SketchUp\ 

8/SketchUp,app 

<?xmI version““l*fl w encoding= H UTF - 8*?) 

<!D0CT¥PE pi 1st PUBLIC "-//Apple//DTD PLI5T 1.0//EN W 
"http://www.apple.com/DTDs/PropertyList-1.O.dtd"> 

(plist version^ 1 * 1,0"> 

(diet) 

(key)instails</key) 

(array) 

(diet) 

< key >CFBundleId en tifier </key > 

(string)com.google.sketchupfree8</$tring> 

< key > CFBund1eName </key> 

<Btring>Sketch[Jp</string) 

< ke y> CFBund1eSho rtVer sionString</key > 

(string>8,0.3I6I</string) 

<key>path</key) 

(string)/Application/Google SketchUp 
8/SketchUp,appC/string) 

<key>type</key> 

< string >applie ation</a tr1ng> 

(/diet) 

(/array) 

(/diet) 

</pliat> 

All we need is the actual installs section, which we can 
copy and paste into die Google SketchUp pkginfo: 

(key)inst all s</key) 

(array) 

(diet) 

(k ey)CFBund1 e I d entifier(/key) 

(string)com,google.sketchupfree8(/string) 

(key > CFBund1e Name</key> 

(string>SketcMJp</string) 

<key)CfBundleShortVersio»Stxing</key> 

<string>S.0.3161(/string) 

(key>path</key> 

(string)/Applications/Google SketchUp 
8/SketchUp,app</string) 

(key>type</key> 

(string)applit:ation(/string) 

(/diet) 

(/array) 

This tells munki to check for the SketchUp.app inside the 
/Applications/Google SketchUp 8 folder, and if it exists, it 
must be version 8.0.3161 or later. If it doesn't exist, or is older, 
munki will attempt to install Google SketchUp 8.0.316L 

You may have multiple items in the installs list and these 
items are not limited to applications. You can check for other 
bundle types, like Internet plug-ins or System Preferences panes, or 
Info.plist files at specific paths. These can all lie compared to 
a specific version. You may also check for the existence of 
directories or files. With individual files, a checksum is generated - 
if the file on disk exists but its checksum doesn’t match the one in 
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Lite installs key, Lite item will be installed. For all of these file 
types, you can use makepkginfo -f to generate installs info. 

The installs key provides a flexible and powerful way to 
help munki decide if a given item should be instilled, it also 
provides for a certain amount of ’self-repair^ Using our prior 
example where we provide an installs key for our Google SketchUp 
item that lists the SketchUp.app application, if a privileged user 
were to delete the app or its entire enclosing folder on its next nm t 
munki would once again schedule an install of Google SketchUp, 

Package Dependencies 

Updates 

Munki supports two kinds of package dependencies. Both 
require certain keys in pkginfo files. The first type of dependency 
allows you to mark a given package as an update for another 
package. Well use Microsoft Office 2011 as an example. Our initial 
package is the disk image for the Office 2011 installer. Its pkginfo 
name is OlficeZOlT and Its version is "14.0.0,0.01 Later, Microsoft 
releases an update for Office 2011. We create a new pkginfo item 
for the update, which we name u Office2011_Update", version 
“14.0.1.0,0". But we don't want to have to modify all the manifests 
that include Office 2011 and manually add the update to the list of 
mu naged_ins tails - instead, we want munki to discover and apply 
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the update “automagically” We can do this by adding a new key - 
update_for - to the GfficeZOllJJpdate pkginfo item. 

<key >u pda te_f■or</key> 

<srray) 

<string>0ffice2 011</etring> 

</array> 

This key informs munki diat this item is an update for 
Offiee2Gll. On any machine whose manifest contains “Office2011 " 
in its managed_instails list, tills update will also be considered 
for installation. When Microsoft releases the Office 2011 140,2 
update, we can repeat the procedure for this update, and the next, 
and the next. In this way, all your managed machines with Office 
2011 automatically find and install the updates. 

You can also use the updatefor key to mark other 
packages that aren't strictly updates so that they will be installed 
With (and removed with) another package, There are several pieces 
of .software lor which we need to install some additional files - 
licensing configuration files, or other site or organization-specific 
customization^ Instead of modifying the vendor's installer or 
repackaging the software, we package our additions and mark 
them as an update for the third-party software. 

A good example of this is Firefox, Firefox is updated 
frequently, so it is convenient to be able to use the unmodified disk 
image as downloaded from Mozilla.com as the installation source. 
We also have some Firefox extensions we want everyone to have. 
By packaging these extensions separately, but marking them as 
updates for Firefox, any machine that gets Firefox also gets the 
extensions. When Firefox is removed, so are the extensions. 

Requirements 

Sometimes you need to ensure packages are installed in a 
certain order - for example. Adobe Acrobat 9 Pro has several 
updates that must be installed in the order they were released If 
you name all the updates "AcrobatPir>9Update' and you mark all 
them like so: 


<key > update_for</key > 

<array> 

<string)AcrobatPro9< /string) 

</array) 

munki will find the latest lL AcrobatPro9Update* (as of this 
writing, 9.11) and try to install that. Unless the currently installed 
version of Acrobat Pro is 9-4-0, this is likely to fail* So you need to 
tell munki that before you instill the 9.4.1 update, you must ensure 
die 9-4.0 update is installed To do this, you use the requires key. 

<key>requires</key) 

’(array) 

<string)AtirobatPrci9apdatc-9.4*0*0*0</string> 

</array) 

As it turns out, the 9.4.0 update requires die 9-3.4 update: 

<key>requires</key) 

<array> 

<string>AcrobatPro9Update’9.3.4.D,D</string) 
i/ array) 

This update in aim requires the 9.3.3 update, which in turn 
requires the 9,3.2 update, and so on, all the way back to the 9-1.0 
update. Manually installing ail of these updates in the right order Is 
a giant pain. Getting them all into munki and installing in the right 
order is also a pain, but once you've done it, munki can then do it 
on every' machine that has or needs Acrobat Pro 9. 

The requires key can also be used for other relationships: 
perhaps you have a tool to install diat requires diat die Xcode tools 
also be installed. You could add a requires key specifying that 
your tool requires Xcode, and so when someone tried to install 
your tool on a machine using munki, Xcode would lie installed first. 

More Optional pkginfo Keys 

There are more optional pkginfo keys that can lie useful in 
some situations. Here are a few. 
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<key)minimiim_os_ver&iDn</key> 

(string)10 t 5*0</string) 

< key >tfiaximum_os_ve r sion </key > 

<s.tring>10.5 * 8</string> 

You can use these keys to specify that a given version of a 
package should not be installed on an OS version lower than, say 
10.5.0, or higher than, say 10.5.8. (This is really useful with Xcode.) 

(key > supported_srchit e c tut e s < /key) 

(array) 

<string)i3B6</string) 

(string >xB6_6.4(/string) 

(/array) 

This key am he used to limit the installation of a given version 
of a package to machines matching a certain processor architecture. 
In the above example, this would not install on a PowerPC-based 
machine. 

Version 0.7,0 and Liter of munld support a few more 
interesting keys: 

<key>forced_insta1K/key> 

(true/) 

(key>forced_uninstal1</key) 

(true/) 

These keys can be used to indicate that a package is safe to 
install and/or uninstall without the user's consent. A package 
marked with forced_install equal to taie will be silently 
installed in the background without the user being notified Use this 
carefully. 


<key>MDckir]g_applications</key> 

(array) 

<string>Firefox</string) 

(string) Safari^/ string) 

<string>0pera(/string) 

(/array) 

This key lists applications that may block the installation of 
a package. This key can come into effect in two circumstances. 
The first: a user is notified of updates to install and elects to 
install without logging out. In this scenario, if one or more of the 
applications in the blockingapplications list is open, the 
user is warned to quit the application^) before being allowed to 
proceed. 

The second scenario is in conjunction with the 
forced_install and forced uninstall keys. If any 
application in the blocking_applications list is open, the 
forced operation will not be attempted for that package. The 
intent is to prevent munki from trying to update or remove open 
applications and potentially causing crashing and data loss. 

Even More Keys 

There are many more keys that may appear in a pkginfo 
item, but most of the ones not mentioned so far are 
automatically created by makepkginfo based on the contents 
of an installer item. Here are some additional keys: 

installer item hash: a checksum of the installer item 
so we can verify the downloaded item matches the original item. 
Auto-generated 
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installer item location: relative path to the installer 
item (package) inside the pkgs directory on the munki server. 
Auto-generated, hut may need to be edited if you move or modify 
the path to the package. 

Re st art Act ion: does the package require a logout or 
restart? Auto-generated from Apple packages, but you can add or 
modify this and may need to for non-Apple packages. Set to 
“RequireLogouf if logout is needed, or "RequireRestart" if a restart 
is needed, 

installer^type/uninstall_method: keys used by 
munki to determine the correct install and unsinstall methods. 
Auto-generated. 

uninstallable: a Boolean that indicates whether or not 
the package is uninstallable. Auto-generated based on die installer 
type, but you may need to set it to false for items (especially 
Apple updates) that you know cannot be safely uninstalled. 

Remember diat when you edit a pkginfo file on the munki 
server, you must run makecatalogs /path/to/munki/repo 
to get your changes incorporated into the munki catalogs. A 
common mistake is to make changes and forget to run 
makecatalogs. 

Conclusion 

Whew - thats a lot of info to digest. Pkginfo files are easily 
the most complicated part of munki, but that’s because they 
contain virtually all of the information munki needs to do its job. 
Pkginfo files contain both metadata extracted from die packages 
themselves, and additional information that only the munki admin 


can provide, munkiimport and makepkginfo can help create 
the pkginfo files, but you will sometimes need to manually edit 
these files to take advantage of all of munki’s features. 

That concludes (for now) our look at munki. We haven’t 
exhausted all of munki's features, but hopefully we’ve covered 
enough for you to decide whether or not it's worth further 
investigation. If you’d like to continue your exploration of this set 
of tools, visit the munki website at 
http://code.google.eom/p/munki, and read (or join) the munki-dev 
Google Group at http://groups.google.com/group/munki-dev. 

Jill 


About The Author 

Greg Heagle is a member of the steering committee of the Mac OS X 
Enterprise Project (macenterprise.org) and is a senior systems 
engineer at a large animation studio. Greg has been working with the 
Mac since 1984 , and with OS X since its release. He can he reached 
at gregneagle@mac.com. 
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Real World Review, 


by Joshua Long 

Sophos 

Anti-Virus for Mac, 
Home Edition 

Enterprise-grade antivirus 
software, now free 
for home Macs 

s._> 

Introduction 

Businesses are often required by laws and company policies 
to run antivirus software on all their computers, Macs included. 
In the home environment, however, there are no such 
requirements, and Mac users have debated for years about 
whether they should go to the trouble of running antivirus 
software, ts it really worthwhile to spend $40 every year to 
protect a Mac with commercial-grade antivirus software, or to 
endure the agonizing speed degradation commonly associated 
with AV? Thanks to Sophos, home users can now have quality 
protection without these frustrations. 

Why Mac antivirus software? 


Sophos vs the competition 

Sophos’ antivirus engine is one of the best on the market. In 
AV-Comparatives p (ov-comparafrves.org) November 2010 tests of 
proactive detection of new malware, Sophos Anti-Virus ranked in 
the top three PC antivirus products, earning the highest 
certification level (Advanced*). The tests also took into 
consideration die number of false positives, of which the Sophos 
engine had "few,” 

Let's take a look at how Sophos Anti-Virus Home Edition 
compares to other free alternatives for the Mac. The two most 
prominent freeware antivirus solutions are ClamXav 
tdamxQv.com) and PC Tools iAntiVirus (ionHvirus.com), and each is 
very different from Sophos. 

ClamXav is free for anyone to use in any environment, from 
home computers to enterprise workstations. Although ClamXav 
does not provide on-access scanning of the whole computer, it 
can be manually configured to scan files that are downloaded or 
copied to specific folders, for example ~7Downloads and 
-/Desktop, Like Sophos, ClamXav detects malware designed 
for any platform, as opposed to Mac-only malw r are. 

PC Tools iAntiVirus is only free for home use, and although 
it does offer on-access scanning, it only detects Mac-specific 
malware. Neither ClamXav nor iAntiVirus is a comprehensive 
solution compared to Sophos. Of the three, only Sophos will 
detect infected Web pages and e-mail attachments as soon as 
they are downloaded, regardless of the threat’s target platform. 

I tested Sophos and ClamXav with several hundred samples 
that I’ve collected from infected computers, Web sites, and e- 
mails over the past couple years, ClamXav only detected about 
75% as many files as Sophos. although ClamXav detected some 
files (particularly Windows adware) that Sophos did not detect. 
Neither one detected all the samples, which was expected; no 
antivirus solution detects 100% of infected or potentially 
dangerous files. 


Enterprise antivirus maker Sophos announced in November 
that they would begin offering a free Home Edition of Sophos 
Anti-Virus to ail Mac users. The announcement came just one 
week after SecureMac and Intego had independently published 
information about new java-based Mac malware spreading 
through Facebook and other sites, dubbed Boonana by 
SecureMac and Identified as a variant of the Koobface malware 
by Intego. 

Two weeks after the release of Sophos Anti-Virus for Mac 
Home Edition, Sophos released a report showing that a 
significant number of Macs running their software had been 
infected with malware. This malware included both Mac-native 
threats as well as plenty of Java-based malware, which Sophos 
pointed out “could easily be adapted to download Mac-based Effectiveness 
threats," as was the case with Boonana, Two Mac-specific threats, 

QSX/Jahlav-C and QSX/DNSCba-E, were each found on about 1 Unlike most full-featured antivirus solutions, the default 

in every 100 Macs scanned. (For the full Sophos repoit, see settings of Sophos Anti-Virus do not automatically delete infected 
http://macte,ch/sophos_stats). files or prompt users to do so. Instead, Sophos displays an alert 

informing the user that a threat has been detected, with options 
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Threat detected by Sophos Anti-Virus 

Virus,*Spyware' TrojAlS&edlr-AZ has been detected and 
listed in Quarantine Manager. 

Open Quarantine Manager... ciose 


Figure 1 - Threat detected by Sophos Anti-Virus 
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to open the Quarantine Manager or dose the dialog box, and 
die latter is the default selection. Regardless of which option die 
user chooses, as long as Sophos* on-access scanner is enabled, the 
file is Inaccessible and cannot be opened or even duplicated in die 
Finder or die Terminal (even using sudo). 



Figure 2 - When a threat is found, Sophos denies access by default 

If a malicious Mac application is detected by Sophos, 
attempting to open the application will result in two Mac OS X 
dialog boxes informing tile user that they cant open the 
application because it is “not supported on this type of Mac." Thus, 
Sophos effectively quarantines the tiles in place* 



Figure 3 - Malware is not supported on this type of Mac 


Even trying to access quarantined files from another computer 
via a network share proves fruidess. I had Sophos running on an 
Mac and no antivirus software on a MacBook Pro. From the 
MacBook Pro 1 connected to an AFP share on die iJVlac and tried 
to copy a file from die iMac to die local hard drive. This resulted 
in a Mac OS X dialog box explaining that I did not have permission 
to access the file. I also tried to duplicate an infected file in-place 
on die network share, wldch caused the MacBook Pros Finder to 
crash and relaunch (note to self: file a bug report). In any case, 
Sophos quarantines files on the local system in such a way that 
diey cannot be accessed by remote systems. 

Annoyances 

One strange and annoying issue I've encountered is that 
Sophos Anti-Virus frequently grays out the Clean Up Threat button 
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for items that should be easy for Sophos to delete on its own. For 
example, the action available for dealing with .zip files 
downloaded from parcel scam e-mails Is Clean up manually, 
meaning that users must try to locate the infected files on their 
computer. This may or may not lie easy, depending on whether 
the full path is shown in the Quarantine Manager; if the path or 
file name is too long, the path will be truncated, so you may have 
to use Spotlight or a third-party search utility to locate the tile (refer 
to the screenshot of the Quarantine Manager). You cannot resize 
the window so there is no way to see the foil path, and there is no 
Show in Finder option either. 



Figure 4 - "Clean up manually".. okay, so what's the full path? 


In other eases, instead of Clean up manually the available 
action will lx? Restart Mac instead, even when there’s absolutely 
no reason why that should be necessary. 1 came across this after 
downloading lake ActiveX video codec malware, which consisted 
of nothing more than Windows .exe files. Why on earth would 
Sophos need to restart the computer to clean Windows 
executables that aren’t in use? Worse still, restarting your Mac won't 
even clean up the threat; it will still be die re in die Quarantine 
Manager after restarting. 

Fortunately, Sophos did not gray out the Clean Up Threat 
button for the Mac OS X-spedfic threat I had it scan (a dangerous 
Space Invaders-style game called hseftose which deletes files in the 
user’s home directory when you destroy enemy spaceships); no 
manual deletion or restarting is required to clean dial Mac-native 
threat. 

Speed 

Antivirus suites have a reputation of slowing down 
computers. In my testing, there was no noticeable decrease in 
system speed or usability after installing the Sophos software, I 
even tested it on a low-end Mackintosh netlxxik (a Dell Mini JOv 
with a 1.6 GHz Intel Atom processor and 1 GB RAM) and the 
system was still quite usable after installing Sophos. 

Conclusion 

For those who support Macs in a home environment, l 
recommend trying Sophos And-Virus for Mac Home Edition. 
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Although there’s currently only a small amount of Mac-specific 
malware in die wild, Sophos can protect Maes from other threats 
such as malicious JavaScript redirectors, Adobe Flash files that 
exploit known vulnerabilities (see Mike Hjorleifssons CoreSec 
column in the MacTech November 2010 issue), multiplatform Java- 
based attacks like Boonana, and Windows-based malware that 
could accidentally be opened in a virtual environment like 
Parallels or VMware* and it can also discover infections on USB 
flash drives that you might have picked up from an infected PC 
unbeknownst to you. 

It’s time for us to put away our Smug Vims-Free Mac User 
shirts of yore and become more proactive at defending Macs from 
security threats. Three cheers to Sophos for lighting the way into 
battle. ivl, 

kil I 
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Casper * JAME Software LLC .... ......15 

Centrify Express * Centrify Corporation . 59 

Gsco Equipment * DsedCisco ... 35 

Data Recovery * OmeSums tar Recovery ... 20 

Deep freeze * Faronics .........4/ 

Developer Services * Ico Corp .........4 

Domain Registration * Madech Domains ... 72 

Dragon * Nuance Communications ...... 19 

Drive Tool Box • Stellar Information Systems Ltd . —16 

DVI to MiniDispluyPort • Gefen Inc ............ 78 

... 49 


Ergonis Utilities * Ergonis Software GmbH _____ ,J9 

eSellerate * DR ghbolDhect, Inc dfb/a/eSellerote .. ........33 

ExtremeldP * Group Logic Inc. ........... 51 

FastSpring Online Commerce * FastSpring ... ,....22 

Font Agent * Insider Software. ..... 21, 29, 45, 76 

Freeway * SoftPress Systems, Ltd. ..... 74 

fusion * VMware, Inc ....... 13 

GranileSTOR * Small Tree Communications ..... 73 

Hosting * tfosfGotor... 26 

IP*Works *//r software inc. . 23 

iPhone Accessories * RichardSolo . 67 

iPhone Apps • WeblS ...... 66 

IrisScon * LR.i.S. S.A. (IRIS = Image Recognition Integrated Systems) . 17 

IT Training * future Media Concepts .... ....45 

Law Offices * Brad Sniderman ....... ..86 

Likewise Enterprise ■ Likewise Software. .... 16 

Mac Upgrades * Trans International .... 9 

MacResoune Computers • MacResoune Computers & Service . 84 

Manage * Absolute Software . 62, 63 

maxemail.com 9 IGC, inc / MaxEMoil.com ..... 71 

MemoryMiner 9 GroupSmorfe, LLC..................... ..... 20,21 

Missing Synr • Mark/Space Inc :....... 37 

Parallels Desktop and Server • Parallels Inc ..... ....2-3 

PHOTORKOmm/fmECOmm 9 LC Technology International, Inc ..... Jf 

Postal Permit Form 9 DSPS (US Past Office}„ _______ 80 

Rock Mounts * KAE Corporation ............. 76 

REAL Studio Wei Edition 9 REAL Software, Inc.... ..... 77 

fle/rospetf * Roxio __________ BC 

Ruckus Wireless * Ruckus Wireless . .............47 

Security Testing Tools 9 SAINT ..... 11 

Sennheiser Headphones 9 Sennheiser Electronic Corporation . 83 

SEO 9 Aseopro ....................... —14 

Share Audio 9 Shore . 25,27, 29 

SmollDog.com 9 Smu// Dog Electronics ........ J8C 

Speaker/Wireless Systems * Audioengine ... 19 


\ 9 Houdah Software s. a r. I. ..... 85 

TextExponder 9 Smile .......... IEC-1 

TrueShip Shipping System 9 TrueSbip ...... 70 

DBB.threads 9 Mindraven. ......... 46 

DpSland • Just Mobile lid. ..... 44 

Valentina * Parodigma Software ..... 86 

VisiStat * VisiStat, Inc... ........ 43 

Web Help Desk • MacsDesign Studio LLC. ...... .......55 

lagg Skins * IAGG Inc ......48 

lulu iCal Server * SeedCode .......TO 
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THE MACTECH SPOTLIGHT 


Manton Reece 

Riverfold Software 

http://www.riverfold.com/ 

http://www.monton.org/ 


What's the coolest tech thing you’ve done using OS X? 

I like the work l did on Wii Transfer, which streams media 
to the Nintendo Wii r It used a few different technologies—web 
server, media conversion, Flash widgets, iLife integration, 
Bluetooth—to achieve something that was difficult to do 
before, The lesson I learned making Wii Transfer is that not 
everything has to be brand new; sometimes building a product 
is just taking a few small ‘"easy” pieces and combining them in 
a clever w r ay. 

Where can we see a sample of your work? 

My Mac and iPad apps are available at; 
http://www.riverfold.com/ 



What do you do? 

fm a software engineer. 1 build Mac and iPhone e-book 
software for VitalSource Technologies, and Fm the founder and 
solo programmer at Riverfold Software. 1 have two Mac 
products, Clipstart and Wii Transfer, and a new iPad app for 
Twitter called Tweet Library. I also co-host a podcast with indie 
developer Daniel Jaikut called Core Intuition where we talk 
about the business and everyday life of software development, 


How long have you been doing what you do? 

I started writing apps for the Mac about 16 years ago, first 
in the Pascal programming language, then later in C, C++, and 
now mostly Objecttve-C. It s been fascinating to watch the Mac 
evolve, through the dark days when Apple was “doomed" and 
you were crazy to develop software for the platform, 
to the modern era successes of Mac OS X and the 
iPhone, 


What is the advice you’d give to someone trying 
to get into this line of work today? 

As great as the Mac experience is, it’s not perfect; 
there are plenty of problems that still haven't been 
solved well. Find one and build a solution for it, either 
as your own independent product or as a free tool that 
can serve as your resume. Whether it’s a template or 
script or app or design, showing people what you can 
do will open up new opportunities. Start a blog and 
don't worry if it’s a small audience, if you share what you 
learn you’ll be giving back to the community and 
demonstrating your personality and skills with 
employers or customers. 
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The next way I’m going to impact OS X/the Mac universe 
is: 

Fve found I can only work on a few separate applications 
without spreading myself too thin, so for 2011 my goals are 
pretty modest: take everything Fve already built and make it 
better, fm also intrigued by the Mac App Store and hope to 
have at least one app there by the time you read this. We don’t 
know exactly what impact the App Store will have on the Mac- 
software market, but it’s exciting that it will likely be a very big 
deal. 


What was your first computer? 

The first computer I actually owned was a 
Macintosh Classic running System 6.0.7. It was 
underpowered compared to the Mac cutting edge 
even at the time, but it was affordable and. to me T 
amazing. I used it for school work, dialing up to 
BBSes, and tinkering with code. My main computer 
has been a Mac ever since. 


WWW.MACTECH.COM 


If you or someone you know belongs in the MacTedt Spotlight, let us 
know! Send details to editorwl@mcteckcom 
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Mac shopping made easy. 

Grab that to-do list, and prepare for some one-stop shopping at 
Smalldog.com! 

Bundles simplify the buying process 

Mac bundles (think Mac + RAM + AppleCare + external hard drive, etc.) 
not only include everything you need, but also save you money. 
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Visit » Smalldog.com/specials 

Macs from under $500 

We carry all current Macs as well as used, refurbished and closeout 
models, so there is a Mac for any budget. 

Visit» Smalldog.com/macs 
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Free shipping over $200 

9 It's true-we provide free, same-day ground shipping on every item over 

$200 every day. 
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Small Dog 

Electronics 

Always VjotAX Side 


www.smalldog.com 

800-511-MACS 

A Apple Specialist 


Tax-free shopping 


Purchases outside of Vermont are 
always shipped tax-free. 


y/' 1 V MacPook Pro * 
Chill Pill® mobile speakers 
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Celebrating 15 Years - 3rd Largest Apple Specialist in New England * 5-Star Merchant Rating * Same-day shipping 


Bundles T Macs Free Shipping T Tax-Free 















Roxio Retrospect" 8 

backup and recovery software for 
small and medium businesses 



roxio 




Macintosh The most 



trusted 
name in 
Mac 
backup 


Retrospect 8 backup and recovery software for the Mac provides the reliability, ease of 
use, power; and flexibility you need to protect critical data on Mac and Windows PCs 
and servers. Retrospect includes a state-of-the-art Mac user interface and 
enterprise-level features —Including remote management of one or more backup 
servers, disk-to-disk-to-anything backups, Xsan support and custom reporting — at a 
fraction of the cost of other products. _ 

Download a free 45-day trial at www.retrospect.com/try 


ROXIO 



